Hello,
I'm currently implementing PacketFence as our NAC in a institution for
guests. One of the features we are required by the federal government is to
keep log of every website our visitors are using. We were using pfsense
along with SquidGuard to register info like: MAC Address, login and webs
Yes, I am!
Em qua, 13 de jun de 2018 11:57, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:
> Hello Murilo,
>
> are you using PacketFence in inline mode ?
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-06-13 à 09:52,
t :
>
> Yes, I am!
>
> Em qua, 13 de jun de 2018 11:57, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> escreveu:
>
>> Hello Murilo,
>>
>> are you using PacketFence in inline mode ?
>>
>> Regards
>>
>&g
e using this:
>
> https://github.com/gamelinux/passivedns
>
> We run a cron script to purge the collected data after x number of days.
>
> MJ
>
>
> On 06/13/2018 03:52 PM, Murilo Calegari via PacketFence-users wrote:
> > Hello,
> >
> > I'm currently implem
ns requests done by the
> > inline clients, plus their mac address. We are using this:
> >
> > https://github.com/gamelinux/passivedns
> >
> > We run a cron script to purge the collected data after x number of days.
> >
> > MJ
> >
> >
Hi,
We're currently in a phase of testing PacketFence to put it in productions
at our school (approximately 1000 not simultaneously students + a few
guests), but even during our testing phase (with none or up to 2 connected
devices) we are facing an issue we haven't been able to deal with it.
Once
ity of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> From: Murilo Calegari via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
&g
gt;> Belton, Texas
> >> 76513
> >>
> >> Fone: 254-295-4658 <(254)%20295-4658>
> >> Phax: 254-295-4221 <(254)%20295-4221>
> >>
> >> From: Murilo Calegari
> >> Sent: Tuesday, July 3,
temd/system/
>
> cp /usr/local/pf/conf/haproxy-portal.conf.example
> /usr/local/pf/conf/haproxy-portal.conf
>
> cp /usr/local/pf/conf/haproxy-db.conf.example
> /usr/local/pf/conf/haproxy-db.conf
>
> systemctl daemon-reload
>
> yum update haproxy --enablerepo=packetfence
Hi,
We have PacketFence installed in our environment using Inline Enforcement.
We've got a valid SSL certificate, but when some users try to go to
websites like google or youtube, they receive a
"ERR_CERT_COMMON_NAME_INVALID" error, apparently, Chrome browser (and even
Android) isn't recognizing t
g, 13 de ago de 2018 às 22:35, Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:
> Hello Murilo,
>
> you can't bypass that, it's why there is some captive portal detection
> mechanism on devices.
>
> Regards
>
> Fab
Hi,
Logs are stored by default in /usr/local/pf/logs. You'll see that each
service has it's own *.log file and a few others that were rotated by
PacketFence.
Regards,
Murilo Calegari de Souza
Em ter, 14 de ago de 2018 22:08, Maile Halatuituia via PacketFence-users <
packetfence-users@lists.sour
> Sincerely,
>
> Murilo Calegari de Souza
>
> Em seg, 13 de ago de 2018 às 22:35, Durand fabrice via PacketFence-users <
> packetfence-users@lists.sourceforge.net> escreveu:
>
>> Hello Murilo,
>>
>> you can't bypass that, it's why there is some cap
Hello,
In Brazil we've got a form of Social Security number called "CPF". We
received some code from another place that uses PacketFence as NAC
solution, but they were in version ~ 6.
The code validates CPF within the Authentication.pm file, as following:
[...]
use strict;
use va
rs qw($VCPF $CP
Hi,
We're currently trying to add AD authentication on our PacketFence
environment. We've joined the server to the domain and added it as DEFAULT
and NULL realms. We also added it in Authentication Sources as "AD".
But whenever an user tries to authenticate against the AD, the following
error is t
Hi Nicolas,
Following error is thrown:
Error! Can't connect to server or bind with 'actinv' on 172.16.144.2:389
Regards,
Murilo Calegari de Souza
Estagiário da TI
Coordenadoria de Tecnologia da Informação
Instituto Federal do Espírito Santo – Campus Nova Venécia
27 3752 4311 ramal 43112
Em q
Hello, Nicolas,
I've tried doing the same configuration here in our environment, setting it
to listen on port 443 (HTTPS), but after reloading the config nothing seems
to happen — PacketFence still keeps listening on port 1443. What might be
causing this issue?
Regards,
Murilo Calegari de Souza
It worked now, thanks!
Em ter, 2 de out de 2018 10:37, Nicolas Quiniou-Briand
escreveu:
> Hello,
>
> On 2018-10-02 09:18 AM, Murilo Calegari wrote:
> > I've tried doing the same configuration here in our environment, setting
> > it to listen on port 443 (HTTPS), but after reloading the config no
Hi,
We have in our school a NPS server that provides RADIUS authentication. It
works fine in other systems, but when adding it in PacketFence it doesn't
work as authentication source.
On the NPS server,I have already created PacketFence server as client and
added its own rule. On PacketFence side
abrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:
> Hello Murilo,
>
> does your NPS server is configured to do chap ?
>
> When you say the NPS provides RADIUS Authentication, what kind of
> authentication ?
>
> Regards
>
> Fabrice
&g
ge.net> escreveu:
>
>> Hello Murilo,
>>
>> does your NPS server is configured to do chap ?
>>
>> When you say the NPS provides RADIUS Authentication, what kind of
>> authentication ?
>>
>> Regards
>>
>> Fabrice
>>
>>
>
27 3752 4311 ramal 43112
>>
>>
>> Em ter, 23 de out de 2018 às 18:40, Durand fabrice via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> escreveu:
>>
>>> Hello Murilo,
>>>
>>> does your NPS server is configured to do chap
Hi everyone,
We noticed that in order to get Google OAuth source working, it was
necessary to give free and unmonitored access to all google.com domains and
also *.gstatic.com domains.
These two combined made Captive Portal detection in Android smartphones
very unstable and not to mention that giv
around the school.
>>>
>>> Regards,
>>>
>>>
>>> Murilo Calegari de Souza
>>> Estagiário da TI
>>> Coordenadoria de Tecnologia da Informação
>>> Instituto Federal do Espírito Santo – Campus Nova Venécia
>>> 27 3752 4311 ram
Hi,
I'm no PacketFence expert, but I believe you have to create a Node (this
function was just corrected in PF 8.2) and set its Bypass Role. If this
doesn't work, try to set it to Registered, with a specific role, and an
Unregistration date set to something before January 18th 2038.
Regards,
Mu
Hi, Jessica,
Have you tried editing the resolve.conf file in /etc? You should add a line
like "nameserver [DNS_IP]"
I believe that if you have a static address assigned via PF and network
manager disabled, as stated in the docs, you won't have problems of this
configuration being overwritten. But
Hi everyone,
Recently we've had a power outage and UPS system couldn't take it. This
caused PacketFence server to unexpectedly hard shutdown. I noticed on the
System Graphs that CPU Usage was quite high (this server is quite not in
production yet, I think there are maybe 6 people using it) and tha
Hi,
We've got two Inline Layers in our network currently (one for Guest and the
other for students, on different VLANs and different virtual interfaces).
Currently they're both being redirected to a pfsense firewall at eth0
(configured in Inline -> SNAT Interface). Is it possible to specify one
di
Hi,
We've an Wi-Fi WPA2Enteprise configuration with PEAP authentication against
PacketFence. Today our users have to manually select on CA Certificate as
"Do not validate" (direct translation). How can we configure this? Which
procedures on the docs do I need to follow?
Regards,
Murilo Calegari
Hi, Peter,
I think eduroam as a Radius source isn't working yet, just as a Login
source (via portal). There's an open pull request at Github which adds
supports for Radius proxy and, I hope so, Eduroam login via RADIUS.
Regards,
Murilo
Em sex, 30 de nov de 2018 13:53, Peter Eriksson via PacketF
Hi everyone, is the token for the API designed to expire? If so, after how
much time? Can I configure this amount of time?
Regards,
Murilo Calegari de Souza
Estagiário da TI
Coordenadoria de Tecnologia da Informação
Instituto Federal do Espírito Santo – Campus Nova Venécia
27 3752 4311 ramal 431
Hi, Enrico,
I believe that the device's hostname is actually a property defined by the
device, not PacketFence.
If you actually mean the device's owner, the default username is "default",
after registration it will receive a username depending of the
authentication source you've chosen.
Regards,
Hi everyone,
PacketFence is generating a packetfence.log file that goes up to 1 GB of
space; is it possible to reduce its log level? Perhaps to Warning, Error or
even zero...
Hope someone can help!
Regards,
Murilo Calegari de Souza
Estagiário da TI
Coordenadoria de Tecnologia da Informação
Ins
Hi,
We had the same problem here in our environment: fingerbank.log was really
heavy, CPU usage was high and I was tired of receiving API Usage limit
e-mails (ok, the last one I can blame on myself). At the end, we just
disabled Fingerbank service temporally.
Regards,
Murilo Calegari de Souza
Es
Hi, Ahmad,
Please, read these docs:
https://github.com/inverse-inc/packetfence/blob/devel/UPGRADE.asciidoc
Notice that:
Upgrade notes for a given upgrade path are cumulative. That is to say, if
you are upgrading from version 5.3 to version 6.0 you must apply in order
all changes in between the
Hi,
We've got two inline layer in two different VLAN on our environment, one is
an open SSID and the other is a RADIUS VLAN assignment managed by
PacketFence.
If I connect to Inline layer via the open SSID, without RADIUS, I 95 Mb of
internet speed, if I connect to the RADIUS assigned one (pointi
ers@lists.sourceforge.net> escreveu:
> On 2018-12-28 4:50 PM, Murilo Calegari via PacketFence-users wrote:
>
> > We've got two inline layer in two different VLAN on our environment,
> > one is an open SSID and the other is a RADIUS VLAN assignment managed
> > by PacketFe
ts.sourceforge.net> escreveu:
> How the network interfaces are configured ?
>
> Like what is the speed/duplex mode of each inline l2 interfaces ?
>
> Regards
>
> Fabrice
>
>
> Le 19-01-03 à 18 h 23, Murilo Calegari via PacketFence-users a écrit :
>
> Both VLANs h
Hi, Enrico,
We have a similar setup in our environment, just point the specifics roles
to the Inline VLANs and enable auto registration in the profile settings.
Regards,
Murilo
Em dom, 20 de jan de 2019 15:34, Enrico via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:
>
I've got the same question! Is it possible to define multiple portal FQDNs
which PacketFence listens to?
Em qui, 24 de jan de 2019 às 10:34, Christian McDonald via
PacketFence-users escreveu:
> Greetings,
>
> The default FQDN of the captive portal that appears in users browsers is
> simply the F
These issues are often in my environment too, but it does not happen on all
users...
Em sex, 25 de jan de 2019 16:23, Christian McDonald via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:
> Hello,
>
> I have a fresh install of PF 8.3 on CentOS7. All I have done is bind to
Hi, Blake,
Please post packetfence.log and radius.log for the authentication of a
specific device.
Regards,
Murilo Calegari
Em qua, 30 de jan de 2019 19:36, William Blake MacIsaac via
PacketFence-users escreveu:
> Hello All,
>
> I'm having a heck of a time setting up Packetfence with 802.1X W
Hi,
When I was installing PacketFence I remembered that using just the account
as bind username wouldn't work, so I used domain\username and it worked (I
didn't actually tested username@domain). If you say that when you do just
"Administrator" you receive the same error then I think this is worth
Hi,
We have our Management interface as 172.16.144.45 with subnet mask
255.255.252.0. I need that the server that hosts PacketFence connect to
another server at 172.16.0.44, I have the necessary route set up in my
switch at 172.16.144.100 (both networks (172.16.144.0 and 172.16.0.0) are
on differe
Hi,
Have you tried adding RADIUS as an additional daemon listening on the
management interface?
Regards,
Murilo
Em ter, 19 de fev de 2019 04:11, Tony W via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:
> Hi Fabrice,
>
> Thank you for your help so far.
>
> My interface
45 matches
Mail list logo