Hi Durand,
What if we use web portal ?
Our authentication source is a OTP server and we hope users come to office and
authenticate themselves one time a day with his username and dynamic OTP
password. If we use 802.1x with OTP auth, we are afraid some windows PCs can't
support well on
Hi Julien,
First of all thank you very much for your fix. Our developer also fix the dump
script in the same way as you provided but your reply makes us feel more
relieved.
About the root cause of this issue, it's detected by Microsoft support. And I
asked him to offer the method and relative
Sorry for my typo, the issue script is not
/usr/lib/python2.7/site-packages/impacket/dcerpc/v5/drsuapi.py, it's
/usr/local/pf/addons/AD/secretsdump.py this script which lacked of
"DRS_EXT_NONDOMAIN_NCS" flag when sending replication to AD server and caused
AD server rebooting. Hope for your
Hi dear users,
Last year we met a performance bottleneck since we used NTLM authentication
against an Active Directory for 802.1X EAP-PEAP connections. According to your
suggestions, we decided to use NTLM authentication caching module to improve
the performance. Last week we deployed the
Hi Fabrice,
I mean rtml_perl module takes too much time processing requests and drags
radius very slow.
And I see, no need to login but only need to open mgmt_ip:9000. But which
graphics can tell the issue cause ?
Today we did a pressure test with 50 qps (pf+AD authentication) and found the
Hi dear users,
After a whole night's analysis, we found it's pf that takes too much time
processing authentication request if the QPS is too high and hangs all radius
requests later and then Aruba AC meets the radius timeout setting and re-sends
the same radius access request to pf while pf
Hi dear users,
Yesterday we deployed pf in our office and today we encountered issues again...
Nearly all users failed their 802.1x authentications with thousands of errors
"No EAP session matching state xxx" . Did anyone meet the same issue before
?
Jan 30 15:03:30 pf-ww auth[19225]:
Hello Yan,
this violation is not enabled by default.
Also if the violation is triggered then you will see it in pfmon.log and
you will probably see deauth request in packetfence.log.
Regards
Fabrice
On 2018-01-27
Is there a way to disable violation 123 ? It can't be stopped by disable
it in violation menu in admin GUI.
-- Original --
From: packetfence-users
Date: ,1?? 28,2018 06:15
To: packetfence-users
Hi dear users,
Yesterday our 2 Ruckus AC(a master and a slave, in cluster mode) crashed, and
our network team thought it might be caused by pf...Is there any issue with pf
to integrate with Ruckus AC ? Any special configuration ?
The day before yesterday we deployed pf V7.3 in one of our
Is there any other dependence besides just run "yum update libdrm" ? This
command can't save me...
[root@pf-3 script]# yum update libdrm
fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: ftp.cuhk.edu.hk
* extras: mirrors.cn99.com
* updates:
Hi Fabrice,
It seems to be the same issue you said. The error is as below. I run "yum
--exclude=collectd* update" but the image is still broken. Is there any other
way to fix it ?
Python 2.7.5 (default, Nov 20 2015, 02:00:19)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help",
Hi Fabrice,
Below attached is error detail. Any solution on this ?
Traceback (most recent call last): File
"/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 99, in
get_response resolver_match = resolver.resolve(request.path_info) File
Hi Fabrice,
Thank you very much for your reply. I know about switch fall back and have also
tested is and it works good. What I'm concern is wireless. It seems neither
Aruba AC nor Ruckus AC has fall back mode. So I think I should use the monitor
script as you suggested. But I'm not sure
Hi dear users,
Did your encounter the case when mariadb reached the max connections and
rejected all authentication requests ?
Yesterday morning we met this issue and it cost us about 40 minutes to recover
all services(finally rebooting server resolved our problem). This issue has
very bad
I...
AD2 was just in preparation after I deployed pf2. Several days later, ad2 was
ready but I thought joining domain was just one time action since there were
also a feature named authentication source. So I nearly forget it until I
reviewed the configuration after the network issue.
We are
Hi Fabrice,
So is there any problem within my configuration which I posted in my previous
mail ?
I ask our network team if cisco acs needs to join domain server, they said no
need. They said they only need to add AD server in cisco ACS for
authentication. What's the difference between using
Yes. They have the same domain/users but on different servers. Both of them can
authenticate our all users.
-- Original --
From: Fabrice Durand
Date: ,1?? 15,2018 22:13
To: Yan <1136723...@qq.com>, packetfence-users
Hi Durand,
I installed a netdata in my pf server and not found any network issue yet(I'm
learning to use it). But there is another case I'm not sure if it is related to
the authentication issue.
We have 2 PF servers, pf1 is in office A and pf2 is in office B. We also have 2
domain servers(for
Hi dear users,
We use PF V7.3 in our office integrated with Aruba AC. Recently our wireless
behaves very strange. Some users can connected to wireless, passed the 802.1x
auth and can get the correct role and IP, but they just couldn't access any
network. There is no wired in PF logs. But as
Hi users,
There's an availability concern need to confirm about PF Freeradius module.
Hope you can help.
We deployed PF v7.3 in centos 7 in our office. For the wireless connection, we
use 802.1x auth and configured PF as the aaa server and AD as the actual
authentication source.
Last week
Hi Yan,
Could you provide your PacketFence version?
Thanks
-- Julien semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packe
On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:
Hi Fabrice,
Just after I sent out the mail, pfsso restarted again. I
checked a long time to detect the exact stop time but not found any
obvious
Hi users,
Our PF deployed in office A and we have successfully use it to authenticate and
control devices in office B, via the routed network feature. It works well with
normal VLAN assignment and registration VLAN assignment and IP distribution.
But last night when we began to use PF in
n)
https://github.com/inverse-inc/packetfence/pull/2530
Regards
Fabrice
On 2017-12-11 at 22:30, Yan via PacketFence-users wrote:
Hi users,
One of our office uses ruckus AC. And there are 3 normal
VLAN(25,26,27) used in th
Hi users,
One of our office uses ruckus AC. And there are 3 normal VLAN(25,26,27) used in
this office. We have not used dynamic VLAN assignment yet.
Can PF return 3 vlans or return a vlan group to ruckus and then ruckus randomly
choose one vlan and assign it the user ?
Hi Fabrice,
Thank you very much. I have one more question. We have a one more portal to
user after device passed 802.1x auth, and we don't need Linux and IoT device to
meet this portal. I write below rule to bypass linux and IoT device via
device_class but it seems not work. Is there any
So sorry to trouble you. Thank you very much. Actually my VLAN filter rule
works. Thank you for your help. PF is a really great project.
Nov 30 11:17:25 localhost packetfence_httpd.aaa: httpd.aaa(16117) INFO:
[mac:xx:xx:xx:77:cc:xx] Match rule linux_autoreg2:ssid
(pf::access_filter::test)
Hi users,
As I check the audit log, I find there are few users always fail the 802.1x
authentication but still keeps connecting.
Can I create a violation on this item ? For example, if a user fails the
authentication continually for 10 times with the same device, create a
violation and tell
Hi users,
I want to add a VLAN filter rule to temporarily pass one specific switch (IP
172.11.5.121) and keep the others as normal. Is below rule okay to do this ?
[pf_ssid]
filter = ssid
operator = is
value = PF-Wireless
[SG1_switch]
filter = switch._ip
operator = is
value =
Hi dear users,
We use PF v7.3 in our offices. One of our team need to collect PF logs to hive
table to do more data analysis. But they found all PF logs with the date and
time format of "mm dd hr:mi:se", with no year in it. This item will cause
problem when we cross year.
Is there any
In short, I want to know if it is possible to use PF's Captive Portal detection
mechanism to pop out the captive portal, and no need to input any username and
password, but with a url link inside the captive portal, and the user can then
access the url with passthrough mechanism ?
My pf.conf
Hi dear users,
We use PF V7.3 in our office. Currently we set the authentication process as
below:
1. Connect to secure ssid PF-wireless with 802.1x username and password.
2. After connection, the user default be set to registration VLAN.
3. We create a root portal module with only message.html,
xist on your setup.
So check in the person tab if you can find it (the person id appear just
before the error in the log).
Regards
Fabrice
On 2017-11-16 at 05:21, Yan via PacketFence-users wrote:
Hi dear users,
Hi dear users,
We use PF V7.3 in our offices and currently there 200+ employees using PF as
AAA server for 802.1x wireless connection. I guess we are not the largest
client of PF. But when I check packetfence.log I found below errors keeps
occurring. And most of the errors happened around
Can anyone used device registration portal help ?
Hi dear users,
One of our offices uses ruckus AC and our IT deployed 3 VLANs(VLAN 18,VLAN
19,VLAN 20) and randomly assigned users with these 3 VLANs. Now we are about to
deploy PF in this office and we have successfully tested dynamic VLAN
assignment. But I noticed once a user passed 802.1x,
db, be sure to export the procedures too, or use the
db schema in db directory then import your data.
Also don't forget to do a pfcmd configreload hard and to restart
packetfence-config.
Regards
Fabrice
On 2017-10-30 at 02:23, Ya
Hi dear users,
We are going to deploy PF v7.3 in our production network recently. Our PF works
fine in standalone mode. Since I'm not so familiar with DB operation, I think
it's a little difficult for me to operate the mariadb clustering after reading
the cluster deployment guide. I'm afraid
efresh the browser cache (ctrl + f5) ?, is there any adblock
extension installed ?
Regards
Fabrice
On 2017-10-26 at 05:20, Yan via PacketFence-users wrote:
Hi dear users,
My previous PF was v7.2 and I just
Hi dear users,
My previous PF was v7.2 and I just upgrade it to v7.3 as the upgrade doc
guided. But after I upgraded, I found the option part has issue. All selecting
part doesn't work in admin GUI now. For example, I should have access to choose
the switch type and mode, but now I couldn't
e importation can be long, there is 5M
combinations in the database.
Regards
Fabrice
On 2017-10-18 at 22:17, Yan via PacketFence-users wrote:
Oh 2 more tables,"dhcp_vendor" and "user_agent" appeared
lately. And there i
on -> Initialize MySQL database"
If the access to the db is ok then you should be able to see a process
"python" running that import the db from the sqlite file.
It can take a long time.
Regards
Fabrice
On 2017-10-18 at
db from the sqlite file.
It can take a long time.
Regards
Fabrice
On 2017-10-18 at 12:19, Yan via PacketFence-users wrote:
Hi Durand,
After running "yum reinstall fingerbank --enablerepo=packetfence",
I can find fi
have it (fingerbank_Upstream.db) then you can integrate it into
mysql then the future update will be just some interim update and not the
whole database.
Regards
Fabrice
On 2017-10-18 at 10:38, Yan via PacketFence-users wrote:
you didn't imported fingerbank into mysql.
Go in Configuration -> Compliance -> Fingerbank Profiling -> General
settings then in Action "Initialize MySQL database".
Regards
Fabrice
On 2017-10-17 at 03:19, Yan via PacketFen
Hi dear users,
We are using PF V7.2 in our office. We want to use PF to recognize mobile
devices from computers when connecting wireless ssid. It seems PF define
device's type via DHCP fingerprint. Our packetfence.log keeps logging "pfqueue:
pfqueue(1341) WARN: [mac:ff:ee:dd:cc:bb:aa] Unable