On 09/26/2012 11:06 AM, Olivier Bilodeau wrote:
...
>
> I filed http://packetfence.org/bugs/view.php?id=1556 and I am having a
> hard time to reproduce.
>
> We are bitten by this also in our build system.
>
> Yes, we require 1.36 because they changed their API in 3.x and
.
We are bitten by this also in our build system.
Yes, we require 1.36 because they changed their API in 3.x and we
haven't updated our code yet.
Pinning a version *should* work so I wonder what is going on here..
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :
On github, you can see a specific commit with /commit/
https://github.com/inverse-inc/packetfence/commit/c49873873
If you append .diff to it, you get a patch:
https://github.com/inverse-inc/packetfence/commit/c49873873.diff
Patch can be applied from /usr/local/pf with:
patch -p1 <
Cheers!
--
nohup. Once it crashes see the trace left.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
---
se people will have problems
with the captive portal (MAC to IP resolution).
What version are you running? A lot have happened in that area in the
last few releases.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.
bottlenecks lately and you
can help also if you want.
Here are incredible tools for MySQL performance analysis:
http://www.percona.com/doc/percona-toolkit
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo
haps 15.
>
We figured that named is pretty performant. I'm open to increasing it
though. I guess 15 sounds good given the redirection delay we have in
our release page.
Done: https://github.com/inverse-inc/packetfence/commit/7f053ef5a
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.5
eems that
> chrome is smart enough to figure out that you are redirecting and throws up a
> nasty warning.
>
I think chrome is reaching for google.com through HTTPS by default. This
will cause certificate errors since we don't have the proper google.com
certificates.
--
to accomplish so we might rejuvenate
the skip feature?
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
ch:
https://github.com/inverse-inc/packetfence/commit/757b76239a99ec5345186e16934113279e2da0ba.diff
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
---
t the time?
And what IP did 21:31:41:51:61:71 have?
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
day.
> Or anyone know an solution that could we implament in the hostsystem?
> (CentOS 6)
This should be the responsibility of your network equipment. BUT in
inline enforcement you could do something with traffic control. Warning:
it is not going to be a user friendly experience.
--
Olivie
ocolRead = MD5
> SNMPAuthPasswordRead = authpwdread
> SNMPPrivProtocolRead = DES
> SNMPPrivPasswordRead = privpwdread
> SNMPUserNameWrite = writeUser
> SNMPAuthProtocolWrite = MD5
> SNMPAuthPasswordWrite = authpwdwrite
> SNMPPrivProtocolWrite = DES
> SNMPPrivPasswordWrite = privpwdwrite
&
e files from dag
>
> How can I clean this up so I will be able to update in the future?
> Everything appears to be working with PF.
Remove or permanently disable the dag repo.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :
/rpm/rpmforge.php
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
--
Live Security Virtual Con
w)
Can you tell me if you see lines like these in your logs/packetfence.log
file?
WARN: Unknown NAS-Port format. ifIndex translation could have failed.
VLAN re-assignment and switch/port accounting will be affected.
Oh and I just pushed a new 2960G module which does exactly the same
thing as the
st fine.
It could be some sort of regression.
> I have had the below error ever since I installed PacketFence 3.5. I
> just did an update to 3.5.1. I do not know if the errors are related
Can you post the content of logs/packetfence.log instead? Please try to
keep it short.
Regards,
--
Olivi
p://www.packetfence.org/documentation/guides.html
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
ion that
> you allow AAA override, which allows the different vlans be set by
> radius server.
>
This is already covered in our guide.
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and Pack
nk to /pay which will show the billing engine and comment the
following block from redir.cgi:
if ( isenabled($portalSession->getProfile->getBillingEngine) ) {
$logger->info("$mac redirected to billing page");
pf::web::billing::generate_billing_page($portalSession
ry to change the vlan using SNMP... you are using
> MAB/802.1X aren't you?
>
>
To be fair, we force 802.1X re-authenticate w/ SNMP and we bounce the
port for MAC-Auth w/ SNMP so yes, your SNMP write communities need to be
set correctly.
--
Olivier Bilodeau
obilo
545
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
commit 4e7e8a8123ef2fab1ba3a4bca348d4083d683d40
Author: Olivier Bilodeau
Date: Tue Sep 11 14:28:51 2012 -0400
matching ex
66) INFO: Executing pfcmd service pfdhcplistener
> status (main::service)
> Sep 07 15:26:33 pfcmd(2066) INFO: /usr/local/pf/sbin/pfdhcplistener status
> (pf::services::service_ctl)
> Sep 07 15:26:33 pfcmd(2066) INFO: pfdhcplistener pids eth0.3299 => 2067,
> eth0.3199 =&
file
permissions
http://packetfence.org/bugs/view.php?id=1544
to track this specific issue.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFenc
with
your WLC instead of a switch.
Hope this helps.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
you run on the 2960G? I'm thinking it could be related
to an IOS change and not hardware revision.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(
On 09/10/2012 09:26 AM, Dan Nelson wrote:
...
>
>
> I will test out the change and let you know. Hopefully that is all it
> was.
>
I'm pretty sure this is the case.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. ::
In 3.5.0 FreeRADIUS is completely integrated inside PacketFence and
configuration needs to be adjusted manually. I hope you followed UPGRADE.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and Pa
at the
> same time.
Set max nodes per pid to 1 under Configuration -> Node Categories to the
'default' category.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and P
wired and wireless networks with the PacketFence solution.
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org
s:
- provision guest accounts in the Web Admin: Person -> Manage guests.
You probably need to enable something in the configuration.
- add real user accounts. With the local back-end accounts are simply
htpasswd entries in /usr/local/pf/conf/user.conf. Other authentication
back-ends link to AD,
bably be best (instructions about no hub
policy and contact details, etc.) but we can't do that right now
unfortunately.
[1]: http://www.packetfence.org/bugs
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) an
>
>
>
>
>
> -Message d'origine-
> De : Olivier Bilodeau [mailto:obilod...@inverse.ca]
> Envoyé : vendredi 31 août 2012 13:44
> À : packetfence-users@lists.sourceforge.net
> Cc : Olivier Dumon
> Objet : Re: [PacketFence-users] Issues with PF 3.5
put:
rpm -q packetfence
ls -l /usr/local/pf/conf/{pf,float,network}*.conf*
Thanks!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
n reproduce the problem and do a:
show log
Good luck!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
--
get
feature/ipset, grab a patch and apply the patch. That's definitely the
simplest.
Let me know if you have further questions or ideas to make that work
more smoothly.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :
On 08/30/2012 11:07 AM, Steve Cole wrote:
> On 12-08-28 09:24 AM, Olivier Bilodeau wrote:
>> See this message archived:
>> http://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg03044.html
>>
>> Regards,
>
> Unfortunately...
>
> root@
ed to support RADIUS AAA, VLANs and
offer a means for PacketFence to de-authenticate a client based on its MAC.
Inline would work fine even w/o the smart switch. There's an open ticket
on it right now but it should be fixed soon.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4
ll a problem, the best would be for us to have your log
file. Write down current time on the server. Connect, reach the captive
portal, register, be deauthenticated, wait for your wireless to
reconnect. Write down end of test time.
Send us the /usr/local/pf/logs/packetfence.log file trimmed of
agically if you followed the setup instructions.
There should be a 'registration' VLAN interface on the server and it
must be configured in pf.conf and networks.conf. Steps that are covered
in the web configurator and administration guide.
Cheers!
--
Olivier Bilodeau
obilod...@invers
a violation on the node will have the node sent in isolation.
You can do so manually from the node tab of the Web Admin interface.
Open a generic violation.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.s
es.conf).
In VLAN mode, users (guest or not) are assigned the normal VLAN once
registered. There is no need to configure the normal VLAN at the web
configurator stage and it is not even mandatory for PacketFence to have
an interface in that VLAN (think routed networks support).
Cheers!
--
Olivier
w.mail-archive.com/packetfence-users@lists.sourceforge.net/msg03044.html
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(w
tFence's management IP.
> - Can I use windows radius server with packetfence.
>
For authentication? Yes. Just proxy the authentication with small
changes to the FreeRADIUS configuration. I think we have a FAQ entry on
our website that explains how to proxy to Cisco
elcome.
>
I think you are bitten by this issue:
http://packetfence.org/bugs/view.php?id=1424
Fabrice does the feature/ip-set branch fixes this?
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and Packet
do so and provide the above option, just
alter the /usr/local/pf/conf/dhcpd.conf file with the proper options for
your scope.
>
>
>
> Question:
>
> What interface type do we select for each of the above, since the PF
> server configurator page only presents the options “Ma
o avoid isolated devices infecting new
devices.
> *
> *When I use it ?*
When a node has an open violation with action trap, it's sent in
isolation instead of normal.
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behin
trunk ports are not allowed and so you
must create sub-interfaces per VLAN in your VM host and map that to
interfaces in the VM guest.
The native VLAN is controlled on the switch side and yes you can put
whatever you prefer.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.49
rson.pid and node.pid. CJackson should exist in
the person table before you try to assign a node to it.
This is something that is getting reworked.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inve
/else decision
> loop, I can't see an issue with it either (I am not a full-time programmer).
>
This shouldn't be the case. Can you open a ticket at
http://packetfence.org/bugs and provide all the info in this email please?
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :
landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
>
> ___
> Pack
Could you spot me
> for this direction?
You could use the iplog to correlate that information. mac <-> ip and
time is stored there. However timing would be important especially if
IPs are re-used often in registration.
Cheers!
--
Olivier Bilode
22263/
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Olivier Bilodeau
obilod...@i
jaw/sfrnl04242012/114/50122263/
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Olivier Bilodeau
obilod...@inverse.ca
iguration then the node
could be deleted.
whew..
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
---
provide a better diagnostic. But I can
only do this after we ruled out MySQL being the culprit.
> … or have I been inadvertently exposed to some type of controlled substance…
I lol'ed
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
; early on.
>
> The OS does not see the nic, I've run modprobe just to see if it was a
> driver issue, and checked that the mac was correct.
>
> The nic won't initialize.
>
>
>
> I'm attempting to set up PF in vlan enforcement (not inline) I'm following
> t
g Bamberg
>>
>> Buger Straße 80
>>
>> 96049 Bamberg
>>
>> e-Mail: matthias.ra...@sozialstiftung-bamberg.de
>>
>> Internet: www.sozialstiftung-bamberg.de
>>
>> --
ge
> which port the web configurator runs on so that I can configure PacketFence?
>
For everyone's information, follow this ticket
http://packetfence.org/bugs/view.php?id=1506 if you are interested in this.
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115
tOS-Debuginfo.repo epel-testing.repo mirrors-rpmforge-extras
> openfusion.repo rpmforge.repo
> [root@Packetfence yum.repos.d]#
I see epel-testing but not epel in that list.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inver
!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
--
Live Security Virtual Conference
Exclusive live
2 10:42 AM, Michał Sochoń wrote:
> Yeah, cause I filed it ;)
> Thankfully yum downngrade was succesful.
>
> On Fri, Jun 15, 2012 at 3:40 PM, Olivier Bilodeau
> wrote:
>> On 06/14/2012 02:55 PM, Michał Sochoń wrote:
>>> [root@packetfence pf]# bin/pfcmd interfacec
an respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-
stalled.
>
> installation.pl and configuration.pl are working but when we try to start
> packetfence by service packetfence start the following errors will show up.
>
> http://www.pichost.de/images/0Fiwy.jpg
>
> Please help us it's for education purposes :)
r now... How can i
> achieve that?
It should be trapping.registration=disabled.. Have you restarted
PacketFence after the configuration change?
If so and it still doesn't work, can you post your
/usr/local/pf/var/conf/iptables.conf to the list please.
Cheers!
--
Olivier Bilodeau
obilod...@inverse
e.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
Enjoy our first summer release! I've heard it's best served with sangria.
-
ward_inline%%
in conf/iptables.conf.
It's must easier to debug iptables when the load is very low and with
something like:
# itpables -L -nv > before
generate traffic that should've passed
# itpables -L -nv > after
$ diff -u before after
But again there might be better alterna
I can Find something like that, Thanks !!
>
Is that ok?
https://github.com/inverse-inc/packetfence/blob/stable/docs/images/pf-logo.png
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
he way it works by default. It means there is something broken
in the client configuration or the server configuration.
What type of EAP is your client doing? EAP-TLS/PEAP-MSCHAPv2?
What's in your /etc/raddb/eap.conf and
/etc/raddb/sites-enabled/packetfence and packetfence-tunnel?
Cheers!
/ sleeps in
between) and see if that properly disconnects the client
- change deauthenticateMac to _deauthenticateMac and
_deauthenticateMacSNMP to deauthenticateMac. This will replace the
RADIUS Disconnect deauth technique with the SNMP one and test again
In any case, let us know of the result.
-
t;
> http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.html#wp934687
>
>NOTE: This is no longer relevant since we rely on RADIUS
> Disconnect by default now.
>
Cheers!
--
Olivier Bil
Note: Re-adding the list.
On 05/31/2012 12:02 PM, Barry Quiel wrote:
> On 5/31/2012 6:37 AM, Olivier Bilodeau wrote:
>> You are having the weirdest problems..
>
> That goes without saying :-D
...
Your output all looks fine. I seriously don't understand what's going on
"dhcpd"} in pattern match (m//) at
> /usr/local/pf/lib/pf/pfcmd/checkup.pm line 369.
> FATAL - please define exactly one management interface
> FATAL - internal network(s) not defined!
>
Can you run and send us the output of:
$ perl --version
# rpm -qa perl-Config-IniFi
ned
above.
There's one caveat w/ a workaround that you need to be informed about:
#1050: Force DHCP to send DHCPNACKs to client that juste changed VLAN
that insist on getting an invalid IP
http://packetfence.org/bugs/view.php?id=1050
Hopefully this made things clearer.
--
Olivier B
On 05/23/2012 09:28 AM, remi.desgra...@telecom-bretagne.eu wrote:
> It's clear now, thank you very much
>
> For de-authentication, I must disable SNMP traps too ?
Yes.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leade
es configuration for
> Extreme Switches, but the commands are different than the ones available
> to me on the Summit 200.
What OS are you using? It works on XOS 12.7 and up.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behin
___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Olivier Bilodeau
obilod...@inve
-
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://w
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/l
dule "perl".
> Error: /etc/raddb/sites-enabled/default[450] : Errors parsing post-auth
> section
>
> is it indispensable?
For wireless, 802.1X or MAC Authentication, yes it is indispensable. Try
removing the 'default' site from sites-enabled/.
--
Olivi
nnect
>
> <http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1247954>
Thanks to Chinook's Edge for their help finding the issue.
--
Olivier Bilodeau
obilod...@in
FYI we just implemented WDS support for Aironet. Just wanted to let
everyone know since there was demand for it lately.
https://github.com/inverse-inc/packetfence/pull/17
Will most likely be released in our next stable release.
On 05/09/2012 01:35 PM, Olivier Bilodeau wrote:
> Note: added
switch vlans.
>
I wouldn't for the sole reason of performance as the impact is marginal
now (we improved the biggest hit in 2.2.1 or the one later IIRC).
However, for the sake of one's sanity, reducing the number of VLANs can
be a good thing.
--
Olivier Bilodeau
obilod...@inverse.ca
rt-security but that might be a little biased since the
burden is more on FreeRADIUS than on us.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
---
de to the register.cgi file to set the category based
>> on the auth method the user used
The above step is no longer required since the new authentication API.
>> 3) in vlan/custom.pm add some code to return the vlan based on category
Jake's got it!
--
Olivier Bilodeau
o
DES ?
>
>
I don't think we support SNMPv3 without priv or auth. The 'uninitialized
value' are definitely coming from your empty SNMPv3 Priv parameters in
conf/switches.conf.
You are sure that this switch doesn't support DES or 3DES?
Without Priv I see no reas
DES ?
>
>
I don't think we support SNMPv3 without priv or auth. The 'uninitialized
value' are definitely coming from your empty SNMPv3 Priv parameters in
conf/switches.conf.
You are sure that this switch doesn't support DES or 3DES?
Without Priv I see no reas
hitecture too much. Where should the
deauth take place if it's not the NAS-IP then?
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
"staff";
> }
>
> $node_info{'category'} = $category;
>
Looks fine to me.
One small thing. If you have other actions leading to auto registration
(a violation with action=autoreg) then you should be defensive about
$user_name being undef.
Adding
y are the easiest to spoof) and
once you passed the portal, no longer relevant.
Regards,
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (ww
rmation about your underlying Access-Points before I can
tell you if it'll work for you or not.
What Access-Point type(s) are you using?
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo
of using:
return $switch->getVlanByName('customVlanX');
you can directly return the VLAN id:
return 100;
Does that free enough customVlanX for you so that you are fine with 5?
We have plans to migrate the switch configuration to the database and
have a more flexible cus
hrough the web interface), please let me know.
No, conf/iptables.conf is the 'official way' to modify default firewall
configuration.
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(
r tcpdump but
you'll have to do them as root (through sudo). Let me know if you need
additional instructions.
Thanks!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
y-ips drop;
>
> SourceFire appliances use that for default policy, based on VRT's estimation
> of the risk/reward. Most rules are alert only. The suggested action appears
> only in the rule, not in the alert message.
--
Olivier Bilodeau
obilod..
s. If it fixes your issue, we will
modify the value we provide by default.
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
--
2010101) but they aren't
that useful due to the way the alert IDs are created (at least for ET).
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(ww
rg/bugs/view.php?id=1423
Bottomline: new implementations (including mobile) were fine and old
were not. Fixing the issue for every DNS client library will probably be
tricky.
What is your client OS and browser? We will try to track down the problem.
Regards,
--
Olivier Bilodeau
obilod..
> This would be quite an improvement regarding our snort integration and I
> would like feedback early please!
>
Quick FYI
I just opened a feature request in our tracker:
http://packetfence.org/bugs/view.php?id=1440
Discussion [or lack thereof] should still happen on the l
e quite an improvement regarding our snort integration and I
would like feedback early please!
Cheers!
--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
1 - 100 of 550 matches
Mail list logo