Re: [PacketFence-users] Fwd: pf 7.2 go language - needs compiling?

Indeed, Go is a compiled language like C. You will have to use the go compiler to recompile that file. It should not be too hard once you get the hang of it. Take a look at /usr/local/pf/go/README.md. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inve

Re: [PacketFence-users] Fw: Can't add authentication Rules

Please show us your conf/authentication.conf file (suitably stripped of passwords and secrets). This looks like a bug that has been fixed in maintenance. Which version is this again? And did you run the /usr/local/pf/addons/pf-maint.pl script? Regards, -- Louis Munro lmu...@inverse.ca

Re: [PacketFence-users] upgrade to pf 7.2 constant parking violations

Hi Gary, Was there an actual problem with registration? The message about the violation being force closed seems to be a case of over aggressive logging more than anything. You can ignore it. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca

Re: [PacketFence-users] EAP-TTLS showing as connection type "Wireless-802.11-NoEAP"

art packetfence-radiusd-auth The issue seems to stem from a missing EAP-Type attribute inside the TLS tunnel when using TTLS. Please let us know if that helps. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447

Re: [PacketFence-users] PIN confirmation not received via SMS on phone

SMS activation codes are sent using an email to SMS gateway. Check to see if the email is actually sent and accepted by the provider. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 3

Re: [PacketFence-users] Caught exception in captiveportal... when choosing sms method

Please don't hijack threads. Start your own question and let people reply. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu &l

Re: [PacketFence-users] Caught exception in captiveportal... when choosing sms method

https://github.com/inverse-inc/packetfence/commit/b9642f12ed9bd3ec62f800bd4a5dfd36702553c2.diff> # bin/pfcmd service pf restart Then you can try deleting the source from the GUI and then recreating it again. If it works we've got ourselves a fix. Regards, -- Louis Munro lmu...@inverse.ca

Re: [PacketFence-users] Caught exception in captiveportal... when choosing sms method

we'll open an issue on GitHub for tracking and issue a maintenance patch. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind S

Re: [PacketFence-users] Export Nodes from 6.20 for import into 7.2?

http://import-node-csv.pl/> script. Also, I would be able to clean the > data up a little before importing on the new server. > > I am all ears If it makes more sense to use mysqldump - any tips for > import/export process for just the nodes table with that command? > &

Re: [PacketFence-users] Export Nodes from 6.20 for import into 7.2?

that. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and PacketFence (ww

Re: [PacketFence-users] Export Nodes from 6.20 for import into 7.2?

Why a CSV? A myslqdump would preserve the data and be much easier to reimport. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.s

Re: [PacketFence-users] dhcpd not starting

an active/active 3 node configuration. It's normal that it won't start on the third node. Indeed the message above is because it's not running locally. PacketFence will get the lease information from the database in that case. Regards, -- Louis Munro lmu...@inverse.ca <

Re: [PacketFence-users] How to config database address

n" That's because the actual service is "packetfence-mariadb". Try #systemctl status packetfence-mariadb and then perhaps # systemctl start packetfence-mariadb -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.in

Re: [PacketFence-users] Help Please

that? Or just the frequency it runs at? If the latter, there is a nodes_maintenance_interval variable that is set by default to 60s. You can find it in the "maintenance" section of the GUI. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca

Re: [PacketFence-users] How to config database address

n't connect to local MySQL server through socket > '/var/lib/mysql/mysql.sock' (2 "No such file or directory") at -e line 1. > how can I do to fix the problem?thank you! Rebooting is unnecessary if all you want is to restart a service. What is systemct

Re: [PacketFence-users] radius accounting info not being mapped to users

happens if you run this manually? Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>

Re: [PacketFence-users] local SQL vs wireless 802.1x EAP mschav2

> On Jul 20, 2017, at 10:16, LE GALL Yohann via PacketFence-users > wrote: > > Unfortunately passwords aren't encrypted... Nothing prevents you from hashing the string before inserting it. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> ::

Re: [PacketFence-users] local SQL vs wireless 802.1x EAP mschav2

prefixed with {ntlm} if they are NT hashes), then configure a connection profile to use the local database as authentication source it should work. Take a look at lib/pf/password.pm around line 495 for an example. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www

Re: [PacketFence-users] local SQL vs wireless 802.1x EAP mschav2

PacketFence (or FreeRADIUS in general). There's no way around that. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <

Re: [PacketFence-users] radius accounting info not being mapped to users

Hi Diego, Can you see if you have data in the radacct table? Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <htt

Re: [PacketFence-users] Can't start packetfence-httpd.admin.service

SSD... so not too horrible > > I could eventually do a full strace if needed. > Those are not missing files. That's the way perl searches for a module through @INC. It tries each directory in the array until it either succeeds or runs out of directories to try. You'll

Re: [PacketFence-users] Can't start packetfence-httpd.admin.service

By Jove! You are right, of course. The value to change is indeed TimeoutStartSec. Are you running a cluster by any chance? We are trying to find out why the admin is taking too long to start under some configurations and anecdotal evidence points to VIPs playing a role. Best regards, -- Louis

Re: [PacketFence-users] Can't start packetfence-httpd.admin.service

estart the admin: # systemctl restart packetfence-httpd.admin Please report the results, with logs if it fails. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse

Re: [PacketFence-users] Can't start packetfence-httpd.admin.service

Hi Jarek, Can you report the output of this command please? # systemct cat packetfence-httpd.admin Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Le

Re: [PacketFence-users] DLINK DGS3100

ue.log Or look for it by unit in the journal: # journalctl -u packetfence-pfqueue Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind

Re: [PacketFence-users] Multi-site PF and clustering?

l us more, we may be able to help. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>)

Re: [PacketFence-users] Inconsistent roles in switches definition

Check the database. They may still exist in the node_category table. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <htt

Re: [PacketFence-users] Unable to view the web configuration page after installation

even making it to the VM? Do you see any request for your IP in logs/httpd.admin.access? Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind

Re: [PacketFence-users] Unable to view the web configuration page after installation

rator web app at https://$HOST:1443/ <https://$host:1443/> See section 9 here: https://packetfence.org/doc/PacketFence_Administration_Guide.html#_configuration <https://packetfence.org/doc/PacketFence_Administration_Guide.html#_configuration> Don't overthink this. You are meant

Re: [PacketFence-users] "default" user not pushing device to login portal

equests are sent to PacketFence, and if the reply points to the IP of the captive-portal. Let me know what you find... > Makes sense, I'll go ahead and start building granular profiles. How do > I specify non-802.1x wireless traffic? Wireless-802.11-NoEAP? > Exactly. Regards, --

Re: [PacketFence-users] "default" user not pushing device to login portal

etc. It's also easier to maintain over time, as when adding something new (a new SSID for instance) you can define a separate profile for it and not have to modify the default which is already handling production traffic for your existing network. Regards, -- Louis Munro lmu...@inverse.c

Re: [PacketFence-users] "default" user not pushing device to login portal

ere 802.1x) then PF has no way to assign them a role. The solution is to create a profile that match MAC authentication and disable autoregistration on it. The devices will then be forced to register, i.e. they'll be placed behind the captive portal. Hope this helps, -- Louis Munro lm

[PacketFence-users] Announcing PacketFence v7.2

wired and wireless networks with the PacketFence solution. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sog

Re: [PacketFence-users] Unable to view the web configuration page after installation

f the fancier features of PF, and PF intends to manage the firewall rules by hand (e.g. using the iptables command and not firewalld). Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (86

Re: [PacketFence-users] "default" user not pushing device to login portal

value $roleName in > hash element at /usr/local/pf/lib/pf/Switch.pm line 749. > (pf::Switch::getRoleByName) > Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641) > WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $roleName in > concatenation (.) or str

Re: [PacketFence-users] HP 1920 (JG1920-14G) support ?

Correction. The generic switch (pf::Switch::Generic) is not exactly the same as the base class (pf::Switch). The difference is that the generic switch does support RADIUS. So it's not completely useless. Just completely useless for SNMP. Cheers, -- Louis Munro lmu...@inverse.ca <ma

Re: [PacketFence-users] HP 1920 (JG1920-14G) support ?

for RADIUS a long time ago. I've opened an issue about it. https://github.com/inverse-inc/packetfence/issues/2470 <https://github.com/inverse-inc/packetfence/issues/2470> Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inve

Re: [PacketFence-users] HP 1920 (JG1920-14G) support ?

It's well worth the investment to learn it. SNMP is essentially obsolete and support for it (at least as an access control method) is dying. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125

Re: [PacketFence-users] How do you prevent a stolen MAC from accessing the network

method that requires authentication based on something known (e.g. a password) or something owned (e.g. a certificate). Practically speaking this means 802.1x with a password (which can be changed if the device is stolen) or with a certificate (i.e. EAP-TLS) which you can revoke. Regar

Re: [PacketFence-users] PF httpd.graphite service failed

d, in a VM the random generation is "slow", so if > you try to read from /dev/random you'll get stuck for minutes unless you > configure a paravirtualize random device (not my case). > > The unblocked random generator (/dev/urandom) is an option, even though it > c

Re: [PacketFence-users] PF httpd.graphite service failed

Hello Mirko, Sorry I could not help more. I was out most of the day yesterday. That's an interesting issue. Can you tell us more about the environment you are running this on? Best regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://

Re: [PacketFence-users] PF httpd.graphite service failed

cmd.pl(15995): Daemon > httpd.graphite took 99.573 seconds to start. > (pf::services::manager::launchService) Did you go through the configurator? Please show your conf/pf.conf (remove the passwords). What are the specs of that machine? 99 seconds to start is a bit much. Regards, -- Lo

Re: [PacketFence-users] Active Directory Domains problem

It will be just as smart as Samba is. Remember this is just an smb.conf configuration change in the end. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc

Re: [PacketFence-users] Customisation of CSS files in PF 7.1

/en/download/> which contain an updated version of npm. I guess this is what happens when you don't run Ubuntu these days... -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125

Re: [PacketFence-users] Customisation of CSS files in PF 7.1

rom registry: https://registry.npmjs.org/grunt-cli I get that error too, so don't feel too lonely. I am investigating. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse

Re: [PacketFence-users] Active Directory Domains problem

/library/cc978011.aspx> In any case, you can edit the template files used to generate the samba configuration (/usr/local/pf/addons/AD/smb.tt) and configure samba exactly how you want it. If it can be done by Samba, there's a way to do it in PacketFence ;-) Best regards, -- Louis Munro l

Re: [PacketFence-users] Active Directory Domains problem

root and the outside. PacketFence will automatically create the rules for that if you have configured the domain, so make sure you configure it in the GUI (even if the join fails) and then check that the packetfence-iptables service has run. I hope this helps. Regards, -- Louis Munro lmu...@in

Re: [PacketFence-users] haproxy | mysql

packetfence-config.service And in turn, the packetfence-base.target includes the packetfence-mariadb.service. So you don't have to do anything about mysql, and in fact you are making your life harder by starting it. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> ::

Re: [PacketFence-users] RESOLVED: Upgrading PF 6.5 to 7.0 haproxy not starting

distribution-specific steps'. Anyone > that reads it all, and just executes in order, would (we think) be doing it > in the incorrect order. > Fair points, all of them. We'll try to do better and be more explicit in the future. Best regards, -- Louis Munro lmu...

Re: [PacketFence-users] Multiple Graphs showing on 'System State' page in PF 7

for a given metric and persist forever unless you manually delete them. Best regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.so

Re: [PacketFence-users] Upgrading PF 6.5 to 7.0 haproxy not starting

You can try running haproxy in debug mode to see what error messages may be lurking there: # /usr/sbin/haproxy -f /usr/local/pf/var/conf/haproxy.conf -p /usr/local/pf/var/run/haproxy.pid -d Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> ::

[PacketFence-users] ANN: PacketFence v7.0.2

ks with the PacketFence solution. Best Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>)

[PacketFence-users] ANN: PacketFence v7.0.1

rofessional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse

Re: [PacketFence-users] New Install - No Data for Registrations/min

Try this then: Open a terminal and then run this command: # journalctl -u packetfence-carbon-cache -f Register a new node. Any node. Any output in the journalctl terminal? -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.i

Re: [PacketFence-users] use_mppe in mschap radius module

hat you are doing is fine. I'll fix this in the next release. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://

Re: [PacketFence-users] Can not restart packetfence after upgrade to 7.0

ervice pf start But then again, all pfcmd does is call systemctl. The reason PacketFence will start on boot is that it's the default target. # systemctl get-default packetfence.target Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.

Re: [PacketFence-users] New Install - No Data for Registrations/min

t the output to this command: # ls -l /usr/local/pf/var/graphite/whisper/stats/counters/*/pf__node__node_register/called Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

e configurable. I'm adding it to the whishlist for 7.1 or 7.2. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.n

Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade

crt cle_ut-capitole_fr.key > certif2_ut-capitole_fr.pem > > But where must "certif2_ut-capitole_fr.pem" be used ? Which config file ? > > Thanks Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse

Re: [PacketFence-users] upgrade packetfence 5.6 -> 7

ve all the existing users / nodes? > > What are things to keep into mind then...? > > Or should I just spend more time, getting things running with the > updated old config files? Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.

Re: [PacketFence-users] Packetfence 7 on Debian Jessie - totally broken, impossible to update. Broken dependencies all over (C.)

n of FreeRADIUS provided by testing or unstable cannot be used with PacketFence. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behin

Re: [PacketFence-users] Packetfence 7 on Debian Jessie - totally broken, impossible to update. Broken dependencies all over

blob/devel/UPGRADE.asciidoc> ? Especially those related to the Mariadb upgrade? There was indeed an issue due to GPG signing of the libssl package. That issue has now been resolved. I just upgraded a system from 6.5.1 to 7.0.0. Regards, -- Louis Munro lmu...@inverse.ca <mailto

Re: [PacketFence-users] radtest fails on a working system

be defined. Look in /usr/local/pf/conf/local_secret for the shared secret of the local server. You will need it. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse

Re: [PacketFence-users] How to configure switch for VLAN changes ?

e it dynamically or something like that > ? > BTW CoA is set up exactly like in the network devices configuration guide. > Looks to me like you have both RADIUS and port security configured for those ports. Don't do that. It will only lead to trouble. The lines abov

Re: [PacketFence-users] How to configure switch for VLAN changes ?

onnected including phones, which is more common nowadays. Since a lot of IP phones use PoE, that will reboot the phone. So we try to do that as little as possible. Cheers, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.4

Re: [PacketFence-users] How to configure switch for VLAN changes ?

-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-AE457161-5092-4602-8D50-53BA1F74FAB5> Hint, google is your friend... -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc.

Re: [PacketFence-users] How to configure switch for VLAN changes ?

p://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_58_se/configuration/guide/2960scg/sw8021x.html#pgfId-1289244> Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1

Re: [PacketFence-users] Upgrading of Packetfence from 6.0.0 to 6.5.0 on Cent

g the WLC is given a COA for the respective VLAN > and the user is switched… Any foreseen problems upgrading from 6.0 to 6.5 in > this use case? > None. That is a pretty common deployment. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca

Re: [PacketFence-users] Latency Packetfence inline deployment 6.4

online resource on debugging linux performance issues in general should do. But really, what I recommend is that if low latency is a priority you should run that traffic in out of band mode. The inline mode, especially running on a VM is never going to beat the performance of dedicated routing har

Re: [PacketFence-users] hostapd/Openwrt with Multiple SSIDs on same vlan Bug

> On Feb 15, 2017, at 8:53 AM, Chris Abel wrote: > > I don't mean to be a pest, but is there any more information that you might > need? This seems like basic functionality that others would want working as > well. A Pull Request would be nice. Regards, -- Louis Mun

Re: [PacketFence-users] Wired Domain-Joined Machine Authentication

> On Feb 6, 2017, at 10:22 AM, Philip Damian-Grint > wrote: > > I have seen elsewhere in the mailing lists a few responses by Louis Munro > around troubleshooting this with ntlm_auth, and certainly running ntlm_auth > with the challenge and response shown in the log is

Re: [PacketFence-users] Issues with Activation Email on 6.4.0

resolving in the production VLAN? Make sure you have an entry in DNS for that host. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.so

Re: [PacketFence-users] PF on Ubiquity AP

and friendly. > > I blame the allergy medication. Rude or not, you are correct. There is no way PF will run on such a limited device. It's a NAC. It's meant to run on a server or VM. -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http:

Re: [PacketFence-users] admin password reset

12:51 PM, james edwards wrote: > > Hello Louis, > > I did what you suggested. I can see the new password in the table. > > However, i still can not sign in. Rebooted the server and still the same > issue. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inver

Re: [PacketFence-users] admin password reset

better password from the admin GUI. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo

Re: [PacketFence-users] No pictures in dashboard view

wer most or all of those questions that way. You can make it easier on yourself by right-clicking one of the missing images and copying the URL. Then open it in another browser tab with developer tools enabled. Check the request and reply that come back. Regards, -- Louis Munro lmu...@inverse

Re: [PacketFence-users] No pictures in dashboard view

g1 "}') Hi Manfred, How about the other daemons? What is the status of carbon-cache, carbon-relay, collectd and statsd? Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-615

Re: [PacketFence-users] maintenance script with remote database

ed on the database server. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and PacketFence (www

Re: [PacketFence-users] maintenance script with remote database

ript and all it's dependencies to it. It may be simpler to edit the backup script to only run the cleaner and not dump the database and then run it from the PF server. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.

Re: [PacketFence-users] maintenance script with remote database

On Sep 28, 2016, at 10:34 AM, Morris, Andi wrote:Hi Louis,That makes sense, but in practice I get errors when running this on a server that hasn’t had packetfence installed as there are calls to log4perl.pm files in the database-clearner.pl script. You would need to edit

Re: [PacketFence-users] maintenance script with remote database

uld be sent to the user designated for PF alerts? If not, > is there scope for this to be added as an option? > > Cheers, > Andi > Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125

Re: [PacketFence-users] prevent auto-upgrade on debian

> On Sep 21, 2016, at 4:56 AM, mj wrote: > >> >> apt-get upgrade --enablerepo=packetfence packetfence > > Is that possible? Hi MJ, Comment out the PacketFence repository in the sources. apt is less flexible than yum in that respect (more in others). Reg

Re: [PacketFence-users] packetfence.org down ??

Hi Holger, Yes, the website was down part of yesterday. A hardware failure I'm afraid. > On Sep 19, 2016, at 12:33 PM, > wrote: > > Hi, > > packetfence.org <http://packetfence.org/> doesn’t answer. > Has anyone the same problems? > Regards, -- Louis

Re: [PacketFence-users] packetfence.org down ??

eaction time... Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and PacketFence (www.packetfence.o

Re: [PacketFence-users] MySQL has gone away?

84) ERROR: Couldn't select from table. Error > : DBD::mysql::st execute failed: MySQL server has gone away at > /usr/local/pf/lib/pfconfig/backend/mysql.pm line 84, <$socket> line 1. Hi Jason, Are you running this as a cluster or a single node? And are there other database errors in

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

pfdhcplistener is actually a fancy wrapper around lipcap. I am not sure how that gets reported by netstat since it does not open a socket. What does ps -ef | grep pfdhcplistener reports? -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inve

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

s, but I can't > really do that on wired.. Not that I expect much guest access there. You can even define profiles that match combinations of things. E.g connection type & SSID. Connection type can also be wired vs wireless. It's pretty flexible. You should be able to narro

Re: [PacketFence-users] new PacketFence install

ed to connect. I > checked to see if iptables was still disabled and it is. I can ping PF server > so NIC Is still active . I don’t know what to check now. If someone could > help or get me going in the right direction , it would be greatly > appreciated. Thanks. -Tony >

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

tion to the 802.1x profile. Profiles can be assigned based on criteria such as SSID, connection type, switch (controller) etc. It should be possible to have a portal that only matches your dot1x traffic. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.invers

Re: [PacketFence-users] Server Load metric

-mean-in-unix-linux> Note that any discussion of the load has to consider the number of CPU cores available. I.e. a load of 2 on a 4 cores machine is not the same thing as on a single core one. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

and I'm not sure how to set up the rules to make this work.. Should I > be using EAPTLS or some other source for local 802.1x? Or do I need to > manually configure each user in both the source rules and the user entries? -- Louis Munro lmu...@inverse.ca <mailto:lmu...@invers

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

--- > > "Any sufficiently advanced magic is indistinguishable from technology." > - Niven's Inverse of Clarke's Third Law > > -- > _______ > PacketFence-users mailing list >

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Also, check that you have enabled local auth by uncommenting line 98 in conf/radiusd/packetfence-tunnel. > On Sep 7, 2016, at 3:31 PM, Louis Munro wrote: > > Hi Jason, > > It's trying to use winbind for authentication. > Assuming you want to use locally defined users

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016 : Info: (37) eap_peap: what went wrong, and > how to fix the problem > Wed Sep 7 15:18:20 2016 : Auth: (37) Login incorrect (eap: Failed > continuing EAP PEAP (25) session. EAP sub-module failed): [testuser] > (from client 192.168.10.10 port 50101 cli xx:xx:xx:xx

Re: [PacketFence-users] Resizing a disk drive on PF-ZEN

ted at /usr/local/pf it won't make a difference to PacketFence. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu &l

Re: [PacketFence-users] Resizing a disk drive on PF-ZEN

on it and then mounting it at /usr/local/pf/logs? There are all kinds of others way to do it. This is just a simple one that does not requires playing with LVM. Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447

Re: [PacketFence-users] Captive Portal and SSL - Unresolvable task?

t will return a XML WISPr payload to the device instead of an html page, telling it where to login. The device should then open it's WISPr client and connect to the provided URL. If you disable that option, WISPr will not be detected or acted upon. Best regards, -- Louis Munro lmu...@in

Re: [PacketFence-users] Microsoft PKI (MSPKI) + Cisco Wireles Controller

dy in use > /usr/local/pf/raddb/auth.conf[9]: Error binding to port for 127.0.0.1 port > 18120 > > > > > Radtest: > > # radtest dd Abcd1234 localhost:18120 12 testing123 > Sent Access-Request Id 64 from 0.0.0.0:35042 to 127.0.0.1:18120 length 76 > Us

Re: [PacketFence-users] Portal limits

graphs? I am sure it > would > show what was happening a bit clearer. The graphs are just png files. You can save them and send them. Also, take a look at your http://YOUR-PF-IP-HERE:9000 for the full graphite metrics. Best regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@

Re: [PacketFence-users] Captive Portal and SSL - Unresolvable task?

. >> This site uses HTTP Strict Transport Security (HSTS) to specify that >> Firefox only connect to it securely. As a result, it is not possible to >> add an exception for this certificate." >> Best regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inve

  1   2   3   4   5   6   7   8   >