Eugene,
Make sure that PacketFence (not your own infrastructure DCHP server) is handing
out IP addresses on the registration network. Also, make sure that you added
the portal module to your wireless VLAN in PacketFence under the Networks tab
(I think the box is labeled “Additional
All,
I am wondering if it is possible to define multiple VLANs per role and let the
user choose which VLAN they want on. We have some users that will need to get
on different VLANs at different times from a single account. Anyone have any
guidance?
Thank you,
Timothy Mullican
Sent from
All,
I am trying to implement PacketFence on my network. I have added G Suite and
SAML as an authentication method and that works. The problem I have is that we
have several departments that operate on different VLANs. Is it possible to use
certain attributes from a SAML source to determine the
>>> Hi Tim,
>>>
>>> As usual, your comments are invaluable ;)
>>>
>>> Looking at the guide which is in asciidoc to see how to properly deal with
>>> Unifi. Would be nice to see pictures as they are missing.
>>>
>>> Also, do I need to re
s / dot1x
> / interface“ config did not work with our switches, we had to explicitly name
> the interfaces there.
>
>
> Von: Timothy Mullican via PacketFence-users
> [mailto:packetfence-users@lists.sourceforge.net]
> Gesendet: Donnerstag, 1. Februar 2018 18:11
> An: packetfe
By the way,
Fabrice Durand already added code to do this in pull request #2735 on github.
See
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/2735.patch
You can apply that patch to get it working. Also see
Also have a look at the “[PacketFence-users] Ubiquiti UniFi AP Captive Portal”
thread for my steps taken.
Tim
Sent from mobile phone
> On Feb 1, 2018, at 10:17, David Harvey wrote:
>
> Many thanks for the tips. With your guidance I've been following the
>
David,
Your understanding is correct. Currently the UniFi only supports
deauthenticating a client using the controller API and not using CoA. It is
possible to enable RADIUS CoA for a single SSID and frequency, but this may not
be useful for you. This is because the UniFi runs a separate
Fabrice,
I’m not sure, but is his error due to the following?
The function deauth_source_ip (lib/pf/Switch.pm) is expecting the IP address to
deauth, so it can determine the source interface to use in PacketFence. It is
present in the default radiusDisconnect function, but
Can you post your entire switch config (scrubbed of sensitive info) and your
/usr/local/pf/conf/switches.conf file?
Thanks,
Tim
Sent from mobile phone
> On Jan 4, 2018, at 07:19, André Scrivener wrote:
>
> Timonthy,
>
> After I changed to radius, I no longer look
On Jan 3, 2018, at 07:50, Fabrice Durand via PacketFence-users
>> <packetfence-users@lists.sourceforge.net> wrote:
>>
>> I tried to add the DAS parameter directly in the configuration file of the
>> AP and it works (CoA), but the limitation is that yo
parameter directly in the configuration file of the AP
> and it works (CoA), but the limitation is that you can enable it only on one
> ssid.
>
> https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
>
> Regards
>
> Fabrice
>
>
>
>
> Le 2017-12-29 à 16:
André,
The message “Until CoA is implemented we will bounce the port on VLAN
re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your
deauthentication method for the Switch (in PacketFence) is set to SNMP (see
ed to add the DAS parameter directly in the configuration file of the AP
> and it works (CoA), but the limitation is that you can enable it only on one
> ssid.
>
> https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
>
> Regards
>
> Fabrice
>
>
>
>> Le
in the
link. Please let me know if you have any questions.
Thanks,
Tim
Sent from mobile phone
> On Jan 2, 2018, at 21:03, Timothy Mullican via PacketFence-users
> <packetfence-users@lists.sourceforge.net> wrote:
>
> Eugene,
>
> The patch is mandatory in order for
Eugene,
The patch is mandatory in order for PacketFence to recognize that the UniFi
supports 802.1x (and MAC-based auth). As for the controller, you should be able
to get away without it if you do not need dynamic VLAN assignment. However,
without the controller, PacketFence will not be able
I am running UniFi AP 3.9.15.8011 and Controller 5.6.26 (I’m using
linuxserver/UniFi docker image on CentOS 7.4).
First, make sure you applied the UniFi patch (see
Eugene,
Just a thought, but can you change the deauthentication method to HTTPS and
specify the UniFi controller IP? See my setup below:
https://i.imgsafe.org/0c/0cff2c7f19.png
https://i.imgsafe.org/0c/0cff2dfd99.png
My UniFi AP is 192.168.20.7
My UniFi controller is 192.168.20.6
This is my
Hello,
I was wondering if it is currently possible for PacketFence to authenticate
802.1x (FreeRADIUS) requests against an external provider (e.g., Okta —
OAuth2/SAML). I see that the PacketFence captive portal auth currently supports
SAML and OAuth2, but 802.1x uses different authentication
ect I need to setup 2 WIFI-SSID's to get PF to work:
- One open SSID where users can register their device on the captive portal
page
- One 802.1X protected SSID with Radius assigned VLAN's and mac-address
authentication. When the user has registered his or her device they now can
c
s can register their device on the captive portal
page
- One 802.1X protected SSID with Radius assigned VLAN's and mac-address
authentication. When the user has registered his or her device they now can
connect to this protected SSID.
Best regards,
Geert
2017-12-12 23:53 GMT+01:0
Durand
Subject: Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal
Hello Guys,
just upgraded my controller and oh surprise dynamic vlan assignment disappear
Regards
Fabrice
Le 2017-12-13 à 02:40, Timothy Mullican via PacketFence-users a écrit :
Geert,
First in order to use 802.1x (
c: Fabrice Durand
> Subject: Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal
>
> Hello Guys,
>
> just upgraded my controller and oh surprise dynamic vlan assignment disappear
> ....
>
>
> Regards
> Fabrice
>
>
> Le 2017-12-13 à 02:40, Timothy Mullican v
authentication. When the user has registered his or her device they now can
connect to this protected SSID.
Best regards,Geert
2017-12-12 23:53 GMT+01:00 Timothy Mullican via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
Fabrice,I am running UniFi controller version 5.6.
fe.org/0a/0ace4cd6a1.png
https://i.imgsafe.org/0a/0ace7ddd1e.png
Thanks!
On Tuesday, December 12, 2017, 5:48:27 PM CST, Timothy Mullican via
PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
Fabrice,I am running UniFi controller version 5.6.22 and UniFi AP-AC-
, 2017 10:13:36 AM CST, Fabrice
Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
You probably have to update the controller version.
Le 2017-12-12 à 10:30, Timothy Mullican via PacketFence-users a écrit :
Fabrice, On the UniFi cont
/unifi-radius.png
>
> Regards
>
> Fabrice
>
>> Le 2017-12-12 à 01:37, Timothy Mullican via PacketFence-users a écrit :
>> Hello all,
>> I am trying to setup a proof of concept using an Ubiquiti UniFi UAP-PRO with
>> the following setup:
>>
>> Cisco 35
Hello all,
I am trying to setup a proof of concept using an Ubiquiti UniFi UAP-PRO with
the following setup:
Cisco 3560-E L3 Switch
UniFi UAP-PRO
UniFi Controller running on CentOS 7.3 (docker) on ESXi
PacketFence running on CentOS 7.3 on ESXi
The Cisco switch has the following VLANs:
VLAN 2 -
28 matches
Mail list logo