Hi Durand,
What if we use web portal ?
Our authentication source is a OTP server and we hope users come to office and
authenticate themselves one time a day with his username and dynamic OTP
password. If we use 802.1x with OTP auth, we are afraid some windows PCs can't
support well on passwor
Hi Julien,
First of all thank you very much for your fix. Our developer also fix the dump
script in the same way as you provided but your reply makes us feel more
relieved.
About the root cause of this issue, it's detected by Microsoft support. And I
asked him to offer the method and relative
Sorry for my typo, the issue script is not
/usr/lib/python2.7/site-packages/impacket/dcerpc/v5/drsuapi.py ,it's
/usr/local/pf/addons/AD/secretsdump.py this script which lacked of
"DRS_EXT_NONDOMAIN_NCS" flag when sending replication to AD server and caused
AD server rebooting. Hope for your rep
Hi dear users,
Last year we met a performance bottleneck since we used NTLM authentication
against an Active Directory for 802.1X EAP-PEAP connections. According to your
suggestions, we decided to use NTLM authentication caching module to improve
the performance. Last week we deployed the chan
Hi Fabrice,
I mean rtml_perl module takes too much time processing requests and drags
radius very slow.
And I see, no need to login but only need to open mgmt_ip:9000. But which
graphics can tell the issue cause ?
Today we did a pressure test with 50 qps (pf+AD authentication) and found the
fr
Hi dear users,
After a whole night??s analysis, we found it??s pf that takes too much time
processing authentication request if the QPS is too high and hangs all radius
requests later and then Aruba AC meets the radius timeout setting and re-sends
the same radius access request to pf while pf j
Hi dear users,
Yesterday we deployed pf in our office and today we encountered issues again...
Nearly all users failed their 802.1x authentications with thousands of errors
"No EAP session matching state xxx" . Did anyone meet the same issue before
?
Jan 30 15:03:30 pf-ww auth[19225]: (
it in pfmon.log and
you will probably see deauth request in packetfence.log.
Regards
Fabrice
Le 2018-01-27 ?? 04:32, Yan via PacketFence-users a ??crit :
Hi dear user,
Recently we have a
Is there a way to disable violation 123 ? It can??t be stopped by disable
it in violation menu in admin GUI.
-- Original --
From: packetfence-users
Date: ,1?? 28,2018 06:15
To: packetfence-users
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users
Hi dear user,
Recently we have a headache that some users always have network connection
issue after authenticated(I mentioned this issue in one other mail but not
found root cause). We've checked time by time but it seems all the process
works well. Today when I check the logs I found there i
Hi dear users,
Yesterday our 2 Ruckus AC(a master and a slave, in cluster mode) crashed, and
our network team thought it might be caused by pf...Is there any issue with pf
to integrate with Ruckus AC ? Any special configuration ?
The day before yesterday we deployed pf V7.3 in one of our offi
Is there any other dependence besides just run "yum update libdrm" ? This
command can't save me...
[root@pf-3 script]# yum update libdrm
fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: ftp.cuhk.edu.hk
* extras: mirrors.cn99.com
* updates: m
Hi Fabrice,
It seems to be the same issue you said. The error is as below. I run "yum
--exclude=collectd* update" but the image is still broken. Is there any other
way to fix it ?
Python 2.7.5 (default, Nov 20 2015, 02:00:19)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyri
Hi Fabrice,
Below attached is error detail. Any solution on this ?
Traceback (most recent call last): File
"/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 99, in
get_response resolver_match = resolver.resolve(request.path_info) File
"/usr/lib/python2.7/site-packag
Hi Fabrice,
Thank you very much for your reply. I know about switch fall back and have also
tested is and it works good. What I'm concern is wireless. It seems neither
Aruba AC nor Ruckus AC has fall back mode. So I think I should use the monitor
script as you suggested. But I'm not sure exact
Hi dear users,
Did your encounter the case when mariadb reached the max connections and
rejected all authentication requests ?
Yesterday morning we met this issue and it cost us about 40 minutes to recover
all services(finally rebooting server resolved our problem). This issue has
very bad impa
I...
AD2 was just in preparation after I deployed pf2. Several days later, ad2 was
ready but I thought joining domain was just one time action since there were
also a featrue named authentication source. So I nearly forget it until I
reviewed the configuration after the network issue.
We are pl
Hi Fabrice,
So is there any problem within my configuration which I posted in my previous
mail ?
I ask our network team if cisco acs needs to join domian server, they said no
need. They said they only need to add AD server in cisco ACS for
authentication. What??s the difference between using a
Yes. They have the same domain/users but on different servers. Both of them can
authenticate our all users.
-- Original --
From: Fabrice Durand
Date: ,1?? 15,2018 22:13
To: Yan <1136723...@qq.com>, packetfence-users
Subject: Re: [PacketFence-users] Successf
Hi Durand,
I installed a netdata in my pf server and not found any network issue yet(I'm
learning to use it). But there is another case I'm not sure if it is related to
the authentication issue.
We have 2 PF servers, pf1 is in office A and pf2 is in office B. We also have 2
domain servers(for
And now this issue happened with ruckus and aruba. Our network team noticed us
they??ll change 2 big offices?? authentication to acs again... The issue with
ruckus behaves also normal with pf logs. But I noticed AC sent out an
accounting stop packet immediately after it sent accounting start pac
Hi dear users,
We use PF V7.3 in our office integrated with Aruba AC. Recently our wireless
behaves very strange. Some users can connected to wireless, passed the 802.1x
auth and can get the correct role and IP, but they just couldn't access any
network. There is no wired in PF logs. But as we
Hi users,
There's an availability concern need to confirm about PF Freeradius module.
Hope you can help.
We deployed PF v7.3 in centos 7 in our office. For the wireless connection, we
use 802.1x auth and configured PF as the aaa server and AD as the actual
authentication source.
Last week
ce version?
Thanks
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketF
u) and PacketFence
(www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:
Hi
Fabrice,
Just
ence version?
Thanks
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketFence
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155
:: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 09:56 AM, Yan
ld you provide your PacketFence version?
Thanks
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketFence
Hi users,
Our PF deployed in office A and we have successfully use it to authenticate and
control devices in office B, via the routed network feature. It works well with
normal VLAN assignment and registration VLAN assignment and IP distribution.
But last night when we began to use PF in offi
12-11 ?? 22:30, Yan via PacketFence-users a ??crit :
Hi users,
One of our officeuses ruckus AC. And there are 3 normal
VLAN(25,26,27) used inthis office. We have not used dynamic VLAN
assignment yet.
Can PF return 3vlans or return a vlan gro
Hi users,
One of our office uses ruckus AC. And there are 3 normal VLAN(25,26,27) used in
this office. We have not used dynamic VLAN assignment yet.
Can PF return 3 vlans or return a vlan group to ruckus and then ruckus ramdomly
choose one vlan and assign it the user ?
33FAF303@256D682A.564D2F5
Hi Fabrice,
Thank you very much. I have one more question. We have a one more portal to
user after device passed 802.1x auth, and we don't need Linux and IoT device to
meet this portal. I write below rule to bypass linux and IoT device via
device_class but it seems not work. Is there any wrong
So sorry to trouble you. Thank you very much. Actually my VLAN filter rule
works. Thank you for your help. PF is a really great project.
Nov 30 11:17:25 localhost packetfence_httpd.aaa: httpd.aaa(16117) INFO:
[mac:xx:xx:xx:77:cc:xx] Match rule linux_autoreg2:ssid&linux
(pf::access_filter::test
Hi users,
As I check the audit log, I find there are few users always fail the 802.1x
authentication but still keeps connecting.
Can I create a violation on this item ? For example, if a user fails the
authentication continually for 10 times with the same device, create a
violation and tell u
Hi users,
I want to add a VLAN filter rule to temporarily pass one specific switch (IP
172.11.5.121) and keep the others as normal. Is below rule okay to do this ?
[pf_ssid]
filter = ssid
operator = is
value = PF-Wireless
[SG1_switch]
filter = switch._ip
operator = is
value = 172.11.5.121
Hi dear users,
We use PF v7.3 in our offices. One of our team need to collect PF logs to hive
table to do more data analysis. But they found all PF logs with the date and
time format of "mm dd hr:mi:se", with no year in it. This item will cause
problem when we cross year.
Is there any confi
In short, I want to know if it is possible to use PF's Captive Portal detection
mechanism to pop out the captive portal, and no need to input any username and
password, but with a url link inside the captive portal, and the user can then
access the url with passthrough mechanism ?
My pf.conf i
Hi dear users,
We use PF V7.3 in our office. Currently we set the authentication process as
below:
1. Connect to secure ssid PF-wireless with 802.1x username and password.
2.After connection, the user default be set to registration VLAN.
3.We create a root portal module with only message.html,
rror in the log).
Regards
Fabrice
Le 2017-11-16 ?? 05:21, Yan via PacketFence-users a ??crit :
Hi dear users,
We use PF V7.3 in our offices and currently there 200+
employees using PF as AAA server for
Hi dear users,
We use PF V7.3 in our offices and currently there 200+ employees using PF as
AAA server for 802.1x wireless connection. I guess we are not the largest
client of PF. But when I check packetfence.log I found below errors keeps
occurring. And most of the errors happened around 10:00
Can anyone used device registration portal help ?--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Hi dear users,
One of our offices uses ruckus AC and our IT deployed 3 VLANs(VLAN 18,VLAN
19,VLAN 20) and randomly assigned users with these 3 VLANs. Now we are about to
deploy PF in this office and we have successfully tested dynamic VLAN
assignment. But I noticed once a user passed 802.1x, P
ur data.
Also don't forget to do a pfcmd configreload hard and to restart
packetfence-config.
Regards
Fabrice
Le 2017-10-30 ?? 02:23, Yan via PacketFence-users a ??crit :
Hi dear users,
We are going to d
Hi dear users,
We are going to deploy PF v7.3 in our production network recently. Our PF works
fine in standalone mode. Since I'm not so familiar with DB operation, I think
it's a little difficult for me to operate the mariadb clustering after reading
the cluster deployment guide. I'm afraid I
brice
Le 2017-10-26 ?? 05:20, Yan via PacketFence-users a ??crit :
Hi dear users,
My previous PF was v7.2 and I just upgrade it to v7.3 as the
upgrade doc guided. But after I upgraded, I found the option part has
issue
Hi dear users,
My previous PF was v7.2 and I just upgrade it to v7.3 as the upgrade doc
guided. But after I upgraded, I found the option part has issue. All selecting
part doesn't work in admin GUI now. For example, I should have access to choose
the switch type and mode, but now I couldn't cho
you can
integrate it into mysql then the futurupdate will be
just some interim update and notthe whole database.
Regards
;python" running that import the db from the sqlite file.
It can take a long time.
Regards
Fabrice
Le 2017-10-18 ?? 12:19, Yan via PacketFence-users a ??crit :
Hi Durand,
After running "yumreinstall fingerbank --enablerepo=packet
e
is correct then "Action -> Initialize MySQL database"
If the access to the db is ok then you should be able to see a process
"python" running that import the db from the sqlite file.
It can take a long time.
Regards
Fabrice
some interim update and not the
whole database.
Regards
Fabrice
Le 2017-10-18 ?? 10:38, Yan via PacketFence-users a ??crit :
Hi Durand,
I don't have any proxy configured in my server. The ce
expired" and the fingerbank.inverse.ca certificate is not yet expired so
there is probably something that block/filter the request.
Regards
Fabrice
Le 2017-10-17 ?? 22:16, Yan via PacketFence-users a ??crit :
guration -> Compliance -> Fingerbank Profiling -> General
settings then in Action "Initialize MySQL database".
Regards
Fabrice
Le 2017-10-17 ?? 03:19, Yan via PacketFence-users a ??crit :
Hi dear users,
Hi dear users,
We are using PF V7.2 in our office. We want to use PF to recognize mobile
devices from computers when connecting wireless ssid. It seems PF define
device's type via DHCP fingerprint. Our packetfence.log keeps logging "pfqueue:
pfqueue(1341) WARN: [mac:ff:ee:dd:cc:bb:aa] Unable t
53 matches
Mail list logo
