[PacketFence-users] issue with AD join & NTLM-Auth without AD Join

Hello everyone, I just installed a new instance of PF 13.1 (ZEN ova) for testing. When trying to connect to our Active Directory I encountered some issues: 1. "The field Active Directory IP" is optional according to the help: "This field is optional if Active Directory server's FQDN is r

Re: [PacketFence-users] How to get large number of devices into packetfence?

Hello Sh1ndy, at first, add your switch in Testing mode to PF. Then configure your ports on the switch like in production. In this state PF sends out “OK/Allowed” to every request from your switch but adds every client to PFs database. Let it run like this for some days until you have all your

Re: [PacketFence-users] How to get large number of devices into packetfence?

Hello Sh1ndy, instead of adding a switch by single IP address, you can enter an IP address range like 10.0.1.0/24. Setup your switches as “testing” and let them run for a while. All your connected devices will pop up in PF. Kind regards Johannes Johannes Mudrich Mitarbeiter Verwaltung, IT

Re: [PacketFence-users] Compatibility with PacketFence v9.0.0 and Aruba 6300M CX-OS

Hi Mark, just had another look at the repository. Looks like the naming of the modules is a bit misleading. The “Aruba Networks” module is only for the wireless controllers. There are some new modules in the repository which are missing at least in my installation. Even though I recently upgrad

Re: [PacketFence-users] Compatibility with PacketFence v9.0.0 and Aruba 6300M CX-OS

Hi Mark, I was also testing Aruba CX switches some month ago. I used PF12 and the “Aruba Networks” type in my test environment. So I’m not sure if this applies to you. That’s what I did: (config)# radius-server host [Radius IP] key [Radius PW] (config)# radius dyn-authorization enable (config

Re: [PacketFence-users] Compatibility with PacketFence v9.0.0 and Aruba 6300M CX-OS

Hi Again, I just had a look into the Github repository and found something: packetfence/docs/network/networkdevice/aruba_switchs.asciidoc at devel · inverse-inc/packetfence · GitHub Maybe thi

[PacketFence-users] V12.2 Radius-Filter bug?

Hello everyone, I might have found a bug in the current version. In version 12.1 I created a RADIUS filter with the following condition: (starts_with(node_info.mac, "c8:66:5d") || starts_with(node_info.mac, "90:b8:32")) && defined(node_info.regdate, "") I actually created the condition in basic

[PacketFence-users] Templates for User creation

Hello everyone, is it possible to create templates for the user creation? I'd like to preset some fields to make it as easy as possible to create guest users. Thanks Johannes Johannes Mudrich Mitarbeiter Verwaltung, IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Stra?e 22 39638 Gardelegen T

Re: [PacketFence-users] Basic Config for Procurve Switch

nd regards Johannes Johannes Mudrich Mitarbeiter Verwaltung, IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Straße 22 39638 Gardelegen Tel.: 03907 791229 Fax.: 03907 791248 Mail: j.mudr...@altmark-klinikum.de<mailto:j.mudr...@altmark-klinikum.de> Von: Mudrich, J. via P

Re: [PacketFence-users] Basic Config for Procurve Switch

legen Tel.:03907 791229 Fax.:03907 791248 Mail:j.mudr...@altmark-klinikum.de Von: Mudrich, J. via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Gesendet: Mittwoch, 1. März 2023 10:29 An: PacketFence-users Cc: Mudrich, J. Betreff: Re: [PacketFence-users] Basic Config fo

[PacketFence-users] Clustering over different subnets

Hello everyone, I'm trying to figure out how to set up a cluster over two different subnets. I just need a DB replication for my two servers. So I read through the clustering guide. But I'm a bit lost. There are several sections where it's mentioned you need at least 3 servers. But there is no

Re: [PacketFence-users] secure AP Uplink Ports

authentication. WiFi Clients are automatically allowed on the switchport. You must configure 802.1x/MAC auth on the WiFi Controller/AP to authentication the WiFi clients. I am only using HPe but other vendors should be able to switch the 802.1x Authentication to Port-based, too. Best Regards

Re: [PacketFence-users] secure AP Uplink Ports

ed authentication. WiFi Clients are automatically allowed on the switchport. You must configure 802.1x/MAC auth on the WiFi Controller/AP to authentication the WiFi clients. I am only using HPe but other vendors should be able to switch the 802.1x Authentication to Port-based, too. Best Regard

Re: [PacketFence-users] secure AP Uplink Ports

tion to Port-based, too. Best Regards Michael Weber Von: Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> Gesendet: Mittwoch, 22. März 2023 07:26 An: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Mudrich, J.

Re: [PacketFence-users] secure AP Uplink Ports

-based, too. Best Regards Michael Weber Von: Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> Gesendet: Mittwoch, 22. März 2023 07:26 An: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Mudrich, J. m

Re: [PacketFence-users] secure AP Uplink Ports

egistering the node (AP). Regards Mirko Il giorno mar 21 mar 2023 alle ore 15:19 Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> ha scritto: Hello everyone, I have another question regarding port security: Is there any way I can secure a port on an edge

Re: [PacketFence-users] secure AP Uplink Ports

m/user/akamaitechnologies?feature=results_main> On Mar 21, 2023, at 8:11 AM, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello everyone, I have another question regarding port security: Is there any way I can secure a port on an edge

[PacketFence-users] secure AP Uplink Ports

Hello everyone, I have another question regarding port security: Is there any way I can secure a port on an edge switch where an access point is connected? I'm thinking of a scenario where someone takes a ladder, pulls the cable from an access point and connects his own device. Maybe some mechan

[PacketFence-users] Switch IP range vs. IP

Hello everyone, I'm just curious how PF works here: If a add a switch with an IP address of 10.1.1.140 and another "switch" with an IP range of 10.1.1.128/25 and yet another one with 10.1.1.0/24. Which configuration will PF use if a request comes from 10.1.1.140? Would be nice if PF always uses

Re: [PacketFence-users] EAP-TLS Configuration

APTLS or Authorize authentication source and assign it to a connection profile where you set the filter to sub_connection_type = EAP_TLS. Let me know if you are stuck at some point. Regards Fabrice Le mer. 15 mars 2023 à 07:45, Mudrich, J. via PacketFence-users mailto:packetfence-us

Re: [PacketFence-users] EAP-TLS Configuration

hentication source and assign it to a connection profile where you set the filter to sub_connection_type = EAP_TLS. Let me know if you are stuck at some point. Regards Fabrice Le mer. 15 mars 2023 à 07:45, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.

Re: [PacketFence-users] EAP-TLS Configuration

s 2023 à 07:45, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> a écrit : Hello again, I’m trying to configure PF for EAP-TLS authentication. I couldn’t find any comprehensive guide or manual so I hope you can help. I would like to use the internal P

[PacketFence-users] EAP-TLS Configuration

Hello again, I'm trying to configure PF for EAP-TLS authentication. I couldn't find any comprehensive guide or manual so I hope you can help. I would like to use the internal PKI. That's what I already set up. Maybe someone can walk me through this? Some wild guesses: I think I need to set up a

Re: [PacketFence-users] change HTTPs cert; chain invalid

iN_JWTAF2wNAtm7Q0yiPq1inEXqCJf6OU17Z1QSAcMRplq9HkjPsn9_fMaIzvgm$> On Mar 9, 2023, at 3:01 AM, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi, I would like to change the existing HTTPs cert. So I created one in my own CA. Added the cert

Re: [PacketFence-users] change HTTPs cert; chain invalid

mages/custom/youtube.png]<http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Mar 9, 2023, at 3:01 AM, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi, I would like to change the existing HTTPs cert. So I created

[PacketFence-users] change HTTPs cert; chain invalid

Hi, I would like to change the existing HTTPs cert. So I created one in my own CA. Added the cert and key into Configuration -> System Configuration -> SSL Certificates. Then I added my CA root cert to /usr/local/share/ca-certificates and ran update-ca-certificates. It's now present in /etc/ssl

Re: [PacketFence-users] What to restart or reload after Roles Configuration

company/akamai-technologies>[https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]<http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Mar 6, 2023, at 3:19 AM, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote

[PacketFence-users] What to restart or reload after Roles Configuration

Hi, I added a bunch of new Roles in PF. But they are not available for assignment to the nodes. I tried to restart several services but with no luck. Only after a complete reboot the roles where available. But then after reassigning the roles the status tab still shows nodes with my old roles.

Re: [PacketFence-users] Basic Config for Procurve Switch

ies>[https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]<http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Feb 22, 2023, at 8:00 AM, Mudrich, J. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi, I am pret

[PacketFence-users] Basic Config for Procurve Switch

Hi, I am pretty new to the NAC stuff and I am currently evaluating PackentFence. What I try to achieve: Block the Ports on my switch (procurve 2510) when an unknown MAC is detected. If the MAC is registered/known, unblock the Port. What I have done so far: PacketFence server is running with basi