Indeed, Go is a compiled language like C.
You will have to use the go compiler to recompile that file.
It should not be too hard once you get the hang of it.
Take a look at /usr/local/pf/go/README.md.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inve
Please show us your conf/authentication.conf file (suitably stripped of
passwords and secrets).
This looks like a bug that has been fixed in maintenance.
Which version is this again?
And did you run the /usr/local/pf/addons/pf-maint.pl script?
Regards,
--
Louis Munro
lmu...@inverse.ca
Hi Gary,
Was there an actual problem with registration?
The message about the violation being force closed seems to be a case of over
aggressive logging more than anything.
You can ignore it.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
art packetfence-radiusd-auth
The issue seems to stem from a missing EAP-Type attribute inside the TLS tunnel
when using TTLS.
Please let us know if that helps.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447
SMS activation codes are sent using an email to SMS gateway.
Check to see if the email is actually sent and accepted by the provider.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 3
Please don't hijack threads.
Start your own question and let people reply.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu &l
https://github.com/inverse-inc/packetfence/commit/b9642f12ed9bd3ec62f800bd4a5dfd36702553c2.diff>
# bin/pfcmd service pf restart
Then you can try deleting the source from the GUI and then recreating it again.
If it works we've got ourselves a fix.
Regards,
--
Louis Munro
lmu...@inverse.ca
we'll open an issue on GitHub for tracking and issue a maintenance
patch.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind S
http://import-node-csv.pl/> script. Also, I would be able to clean the
> data up a little before importing on the new server.
>
> I am all ears If it makes more sense to use mysqldump - any tips for
> import/export process for just the nodes table with that command?
>
&
that.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (ww
Why a CSV?
A myslqdump would preserve the data and be much easier to reimport.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.s
an active/active 3 node configuration.
It's normal that it won't start on the third node.
Indeed the message above is because it's not running locally.
PacketFence will get the lease information from the database in that case.
Regards,
--
Louis Munro
lmu...@inverse.ca <
n"
That's because the actual service is "packetfence-mariadb".
Try
#systemctl status packetfence-mariadb
and then perhaps
# systemctl start packetfence-mariadb
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.in
that?
Or just the frequency it runs at?
If the latter, there is a nodes_maintenance_interval variable that is set by
default to 60s.
You can find it in the "maintenance" section of the GUI.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
n't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (2 "No such file or directory") at -e line 1.
> how can I do to fix the problem?thank you!
Rebooting is unnecessary if all you want is to restart a service.
What is systemct
happens if you run this manually?
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>
> On Jul 20, 2017, at 10:16, LE GALL Yohann via PacketFence-users
> wrote:
>
> Unfortunately passwords aren't encrypted...
Nothing prevents you from hashing the string before inserting it.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> ::
prefixed with {ntlm} if they are NT hashes), then configure a
connection profile to use the local database as authentication source it should
work.
Take a look at lib/pf/password.pm around line 495 for an example.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www
PacketFence (or FreeRADIUS in
general).
There's no way around that.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <
Hi Diego,
Can you see if you have data in the radacct table?
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <htt
SSD... so not too horrible
>
> I could eventually do a full strace if needed.
>
Those are not missing files.
That's the way perl searches for a module through @INC.
It tries each directory in the array until it either succeeds or runs out of
directories to try.
You'll
By Jove!
You are right, of course.
The value to change is indeed TimeoutStartSec.
Are you running a cluster by any chance?
We are trying to find out why the admin is taking too long to start under some
configurations and anecdotal evidence points to VIPs playing a role.
Best regards,
--
Louis
estart the admin:
# systemctl restart packetfence-httpd.admin
Please report the results, with logs if it fails.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse
Hi Jarek,
Can you report the output of this command please?
# systemct cat packetfence-httpd.admin
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Le
ue.log
Or look for it by unit in the journal:
# journalctl -u packetfence-pfqueue
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind
l us more, we may be able to help.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>)
Check the database.
They may still exist in the node_category table.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <htt
even making it to the VM?
Do you see any request for your IP in logs/httpd.admin.access?
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind
rator web app at
https://$HOST:1443/ <https://$host:1443/>
See section 9 here:
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_configuration
<https://packetfence.org/doc/PacketFence_Administration_Guide.html#_configuration>
Don't overthink this.
You are meant
equests are sent to PacketFence, and if the reply points to
the IP of the captive-portal.
Let me know what you find...
> Makes sense, I'll go ahead and start building granular profiles. How do
> I specify non-802.1x wireless traffic? Wireless-802.11-NoEAP?
>
Exactly.
Regards,
--
etc.
It's also easier to maintain over time, as when adding something new (a new
SSID for instance) you can define a separate profile for it and not have to
modify the default which is already handling production traffic for your
existing network.
Regards,
--
Louis Munro
lmu...@inverse.c
ere 802.1x) then PF has no way to assign them
a role.
The solution is to create a profile that match MAC authentication and disable
autoregistration on it.
The devices will then be forced to register, i.e. they'll be placed behind the
captive portal.
Hope this helps,
--
Louis Munro
lm
wired and wireless networks with the PacketFence solution.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sog
f the fancier features of
PF, and PF intends to manage the firewall rules by hand (e.g. using the
iptables command and not firewalld).
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (86
value $roleName in
> hash element at /usr/local/pf/lib/pf/Switch.pm line 749.
> (pf::Switch::getRoleByName)
> Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $roleName in
> concatenation (.) or str
Correction.
The generic switch (pf::Switch::Generic) is not exactly the same as the base
class (pf::Switch).
The difference is that the generic switch does support RADIUS.
So it's not completely useless.
Just completely useless for SNMP.
Cheers,
--
Louis Munro
lmu...@inverse.ca <ma
for RADIUS a long time ago.
I've opened an issue about it.
https://github.com/inverse-inc/packetfence/issues/2470
<https://github.com/inverse-inc/packetfence/issues/2470>
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inve
It's well worth the investment to learn it.
SNMP is essentially obsolete and support for it (at least as an access control
method) is dying.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125
method that requires authentication
based on something known (e.g. a password) or something owned (e.g. a
certificate).
Practically speaking this means 802.1x with a password (which can be changed if
the device is stolen) or with a certificate (i.e. EAP-TLS) which you can revoke.
Regar
d, in a VM the random generation is "slow", so if
> you try to read from /dev/random you'll get stuck for minutes unless you
> configure a paravirtualize random device (not my case).
>
> The unblocked random generator (/dev/urandom) is an option, even though it
> c
Hello Mirko,
Sorry I could not help more. I was out most of the day yesterday.
That's an interesting issue.
Can you tell us more about the environment you are running this on?
Best regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://
cmd.pl(15995): Daemon
> httpd.graphite took 99.573 seconds to start.
> (pf::services::manager::launchService)
Did you go through the configurator?
Please show your conf/pf.conf (remove the passwords).
What are the specs of that machine?
99 seconds to start is a bit much.
Regards,
--
Lo
It will be just as smart as Samba is.
Remember this is just an smb.conf configuration change in the end.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc
/en/download/> which contain
an updated version of npm.
I guess this is what happens when you don't run Ubuntu these days...
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
rom registry: https://registry.npmjs.org/grunt-cli
I get that error too, so don't feel too lonely.
I am investigating.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse
/library/cc978011.aspx>
In any case, you can edit the template files used to generate the samba
configuration (/usr/local/pf/addons/AD/smb.tt) and configure samba exactly how
you want it.
If it can be done by Samba, there's a way to do it in PacketFence ;-)
Best regards,
--
Louis Munro
l
root and the outside.
PacketFence will automatically create the rules for that if you have configured
the domain, so make sure you configure it in the GUI (even if the join fails)
and then check that the packetfence-iptables service has run.
I hope this helps.
Regards,
--
Louis Munro
lmu...@in
packetfence-config.service
And in turn, the packetfence-base.target includes the
packetfence-mariadb.service.
So you don't have to do anything about mysql, and in fact you are making your
life harder by starting it.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> ::
distribution-specific steps'. Anyone
> that reads it all, and just executes in order, would (we think) be doing it
> in the incorrect order.
>
Fair points, all of them.
We'll try to do better and be more explicit in the future.
Best regards,
--
Louis Munro
lmu...
for a given
metric and persist forever unless you manually delete them.
Best regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.so
You can try running haproxy in debug mode to see what error messages may be
lurking there:
# /usr/sbin/haproxy -f /usr/local/pf/var/conf/haproxy.conf -p
/usr/local/pf/var/run/haproxy.pid -d
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> ::
ks with the PacketFence solution.
Best Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>)
rofessional services to organizations willing to secure their
wired and wireless networks with the PacketFence solution.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse
Try this then:
Open a terminal and then run this command:
# journalctl -u packetfence-carbon-cache -f
Register a new node.
Any node.
Any output in the journalctl terminal?
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.i
hat you are doing is fine.
I'll fix this in the next release.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://
ervice pf start
But then again, all pfcmd does is call systemctl.
The reason PacketFence will start on boot is that it's the default target.
# systemctl get-default
packetfence.target
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.
t the output to this
command:
# ls -l
/usr/local/pf/var/graphite/whisper/stats/counters/*/pf__node__node_register/called
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153
e configurable.
I'm adding it to the whishlist for 7.1 or 7.2.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.n
crt cle_ut-capitole_fr.key
> certif2_ut-capitole_fr.pem
>
> But where must "certif2_ut-capitole_fr.pem" be used ? Which config file ?
>
> Thanks
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse
ve all the existing users / nodes?
>
> What are things to keep into mind then...?
>
> Or should I just spend more time, getting things running with the
> updated old config files?
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.
n of FreeRADIUS provided by testing or unstable cannot be used with
PacketFence.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behin
blob/devel/UPGRADE.asciidoc> ?
Especially those related to the Mariadb upgrade?
There was indeed an issue due to GPG signing of the libssl package.
That issue has now been resolved.
I just upgraded a system from 6.5.1 to 7.0.0.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto
be defined.
Look in /usr/local/pf/conf/local_secret for the shared secret of the local
server.
You will need it.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse
e it dynamically or something like that
> ?
> BTW CoA is set up exactly like in the network devices configuration guide.
>
Looks to me like you have both RADIUS and port security configured for those
ports.
Don't do that. It will only lead to trouble.
The lines abov
onnected including phones, which is more
common nowadays.
Since a lot of IP phones use PoE, that will reboot the phone.
So we try to do that as little as possible.
Cheers,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.4
-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-AE457161-5092-4602-8D50-53BA1F74FAB5>
Hint, google is your friend...
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc.
p://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_58_se/configuration/guide/2960scg/sw8021x.html#pgfId-1289244>
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1
g the WLC is given a COA for the respective VLAN
> and the user is switched… Any foreseen problems upgrading from 6.0 to 6.5 in
> this use case?
>
None.
That is a pretty common deployment.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
online resource on debugging linux performance issues in
general should do.
But really, what I recommend is that if low latency is a priority you should
run that traffic in out of band mode.
The inline mode, especially running on a VM is never going to beat the
performance of dedicated routing har
> On Feb 15, 2017, at 8:53 AM, Chris Abel wrote:
>
> I don't mean to be a pest, but is there any more information that you might
> need? This seems like basic functionality that others would want working as
> well.
A Pull Request would be nice.
Regards,
--
Louis Mun
> On Feb 6, 2017, at 10:22 AM, Philip Damian-Grint
> wrote:
>
> I have seen elsewhere in the mailing lists a few responses by Louis Munro
> around troubleshooting this with ntlm_auth, and certainly running ntlm_auth
> with the challenge and response shown in the log is
resolving in the production VLAN?
Make sure you have an entry in DNS for that host.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.so
and friendly.
>
> I blame the allergy medication.
Rude or not, you are correct.
There is no way PF will run on such a limited device.
It's a NAC. It's meant to run on a server or VM.
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http:
12:51 PM, james edwards wrote:
>
> Hello Louis,
>
> I did what you suggested. I can see the new password in the table.
>
> However, i still can not sign in. Rebooted the server and still the same
> issue.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inver
better password from the admin GUI.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo
wer most or all of those questions that way.
You can make it easier on yourself by right-clicking one of the missing images
and copying the URL.
Then open it in another browser tab with developer tools enabled.
Check the request and reply that come back.
Regards,
--
Louis Munro
lmu...@inverse
g1 "}')
Hi Manfred,
How about the other daemons?
What is the status of carbon-cache, carbon-relay, collectd and statsd?
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-615
ed on the
database server.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (www
ript and all it's dependencies to it.
It may be simpler to edit the backup script to only run the cleaner and not
dump the database and then run it from the PF server.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.
On Sep 28, 2016, at 10:34 AM, Morris, Andi wrote:Hi Louis,That makes sense, but in practice I get errors when running this on a server that hasn’t had packetfence installed as there are calls to log4perl.pm files in the database-clearner.pl script. You would need to edit
uld be sent to the user designated for PF alerts? If not,
> is there scope for this to be added as an option?
>
> Cheers,
> Andi
>
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125
> On Sep 21, 2016, at 4:56 AM, mj wrote:
>
>>
>> apt-get upgrade --enablerepo=packetfence packetfence
>
> Is that possible?
Hi MJ,
Comment out the PacketFence repository in the sources.
apt is less flexible than yum in that respect (more in others).
Reg
Hi Holger,
Yes, the website was down part of yesterday.
A hardware failure I'm afraid.
> On Sep 19, 2016, at 12:33 PM,
> wrote:
>
> Hi,
>
> packetfence.org <http://packetfence.org/> doesn’t answer.
> Has anyone the same problems?
>
Regards,
--
Louis
eaction time...
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (www.packetfence.o
84) ERROR: Couldn't select from table. Error
> : DBD::mysql::st execute failed: MySQL server has gone away at
> /usr/local/pf/lib/pfconfig/backend/mysql.pm line 84, <$socket> line 1.
Hi Jason,
Are you running this as a cluster or a single node?
And are there other database errors in
pfdhcplistener is actually a fancy wrapper around lipcap.
I am not sure how that gets reported by netstat since it does not open a socket.
What does ps -ef | grep pfdhcplistener reports?
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inve
s, but I can't
> really do that on wired.. Not that I expect much guest access there.
You can even define profiles that match combinations of things.
E.g connection type & SSID.
Connection type can also be wired vs wireless.
It's pretty flexible.
You should be able to narro
ed to connect. I
> checked to see if iptables was still disabled and it is. I can ping PF server
> so NIC Is still active . I don’t know what to check now. If someone could
> help or get me going in the right direction , it would be greatly
> appreciated. Thanks. -Tony
>
tion to the 802.1x profile.
Profiles can be assigned based on criteria such as SSID, connection type,
switch (controller) etc.
It should be possible to have a portal that only matches your dot1x traffic.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.invers
-mean-in-unix-linux>
Note that any discussion of the load has to consider the number of CPU cores
available.
I.e. a load of 2 on a 4 cores machine is not the same thing as on a single core
one.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<
and I'm not sure how to set up the rules to make this work.. Should I
> be using EAPTLS or some other source for local 802.1x? Or do I need to
> manually configure each user in both the source rules and the user entries?
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@invers
---
>
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
>
> --
> _______
> PacketFence-users mailing list
>
Also, check that you have enabled local auth by uncommenting line 98 in
conf/radiusd/packetfence-tunnel.
> On Sep 7, 2016, at 3:31 PM, Louis Munro wrote:
>
> Hi Jason,
>
> It's trying to use winbind for authentication.
> Assuming you want to use locally defined users
2016 : Info: (37) eap_peap: what went wrong, and
> how to fix the problem
> Wed Sep 7 15:18:20 2016 : Auth: (37) Login incorrect (eap: Failed
> continuing EAP PEAP (25) session. EAP sub-module failed): [testuser]
> (from client 192.168.10.10 port 50101 cli xx:xx:xx:xx
ted at /usr/local/pf it won't make a
difference to PacketFence.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu &l
on it and then mounting it at /usr/local/pf/logs?
There are all kinds of others way to do it.
This is just a simple one that does not requires playing with LVM.
Regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447
t will return a XML WISPr payload to the device instead of an html page,
telling it where to login.
The device should then open it's WISPr client and connect to the provided URL.
If you disable that option, WISPr will not be detected or acted upon.
Best regards,
--
Louis Munro
lmu...@in
dy in use
> /usr/local/pf/raddb/auth.conf[9]: Error binding to port for 127.0.0.1 port
> 18120
>
>
>
>
> Radtest:
>
> # radtest dd Abcd1234 localhost:18120 12 testing123
> Sent Access-Request Id 64 from 0.0.0.0:35042 to 127.0.0.1:18120 length 76
> Us
graphs? I am sure it
> would
> show what was happening a bit clearer.
The graphs are just png files.
You can save them and send them.
Also, take a look at your http://YOUR-PF-IP-HERE:9000 for the full graphite
metrics.
Best regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@
.
>> This site uses HTTP Strict Transport Security (HSTS) to specify that
>> Firefox only connect to it securely. As a result, it is not possible to
>> add an exception for this certificate."
>>
Best regards,
--
Louis Munro
lmu...@inverse.ca <mailto:lmu...@inve
1 - 100 of 775 matches
Mail list logo