[PacketFence-users] Re: Will PF detect and block the fake device while the fake device's mac change to the same as a registered device's ?

2018-10-22 Thread Ling Yan via PacketFence-users
Hi Durand, What if we use web portal ? Our authentication source is a OTP server and we hope users come to office and authenticate themselves one time a day with his username and dynamic OTP password. If we use 802.1x with OTP auth, we are afraid some windows PCs can't support well on

Re: [PacketFence-users] Re: The lack of "DRS_EXT_NONDOMAIN_NCS" parameter caused AD server reboot

2018-03-22 Thread Yan via PacketFence-users
Hi Julien, First of all thank you very much for your fix. Our developer also fix the dump script in the same way as you provided but your reply makes us feel more relieved. About the root cause of this issue, it's detected by Microsoft support. And I asked him to offer the method and relative

[PacketFence-users] Re: The lack of "DRS_EXT_NONDOMAIN_NCS" parameter caused AD server reboot

2018-03-20 Thread Yan via PacketFence-users
Sorry for my typo, the issue script is not /usr/lib/python2.7/site-packages/impacket/dcerpc/v5/drsuapi.py ,it's /usr/local/pf/addons/AD/secretsdump.py this script which lacked of "DRS_EXT_NONDOMAIN_NCS" flag when sending replication to AD server and caused AD server rebooting. Hope for your

[PacketFence-users] The lack of "DRS_EXT_NONDOMAIN_NCS" parameter caused AD server reboot

2018-03-19 Thread Yan via PacketFence-users
Hi dear users, Last year we met a performance bottleneck since we used NTLM authentication against an Active Directory for 802.1X EAP-PEAP connections. According to your suggestions, we decided to use NTLM authentication caching module to improve the performance. Last week we deployed the

Re: [PacketFence-users] All authentication failed with error "No EAP session matching state xxxx"

2018-01-31 Thread Yan via PacketFence-users
Hi Fabrice, I mean rtml_perl module takes too much time processing requests and drags radius very slow. And I see, no need to login but only need to open mgmt_ip:9000. But which graphics can tell the issue cause ? Today we did a pressure test with 50 qps (pf+AD authentication) and found the

Re: [PacketFence-users] All authentication failed with error "No EAP session matching state xxxx"

2018-01-31 Thread Yan via PacketFence-users
Hi dear users, After a whole night's analysis, we found it's pf that takes too much time processing authentication request if the QPS is too high and hangs all radius requests later and then Aruba AC meets the radius timeout setting and re-sends the same radius access request to pf while pf

[PacketFence-users] All authentication failed with error "No EAP session matching state xxxx"

2018-01-30 Thread Yan via PacketFence-users
Hi dear users, Yesterday we deployed pf in our office and today we encountered issues again... Nearly all users failed their 802.1x authentications with thousands of errors "No EAP session matching state xxx" . Did anyone meet the same issue before ? Jan 30 15:03:30 pf-ww auth[19225]:

Re: [PacketFence-users] Will bandwidth limit violation limits all users ?

2018-01-29 Thread Yan via PacketFence-users
Hello Yan, this violation is not enabled by default. Also if the violation is triggered then you will see it in pfmon.log and you will probably see deauth request in packetfence.log. Regards Fabrice Le 2018-01-27

Re: [PacketFence-users] Will bandwidth limit violation limits all users?

2018-01-29 Thread Yan via PacketFence-users
Is there a way to disable violation 123 ? It can't be stopped by disabling it in violation menu in admin GUI. -- Original -- From: packetfence-users Date: Jan 28, 2018 06:15 To: packetfence-users

[PacketFence-users] Packetfence with Ruckus

2018-01-27 Thread Yan via PacketFence-users
Hi dear users, Yesterday our 2 Ruckus AC(a master and a slave, in cluster mode) crashed, and our network team thought it might be caused by pf...Is there any issue with pf to integrate with Ruckus AC ? Any special configuration ? The day before yesterday we deployed pf V7.3 in one of our

[PacketFence-users] Re: Image broken in PF status dashboard

2018-01-25 Thread Yan via PacketFence-users
Is there any other dependence besides just run "yum update libdrm" ? This command can't save me... [root@pf-3 script]# yum update libdrm fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.163.com * epel: ftp.cuhk.edu.hk * extras: mirrors.cn99.com * updates:

[PacketFence-users] Re: Image broken in PF status dashboard

2018-01-25 Thread Yan via PacketFence-users
Hi Fabrice, It seems to be the same issue you said. The error is as below. I run "yum --exclude=collectd* update" but the image is still broken. Is there any other way to fix it ? Python 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2 Type "help",

[PacketFence-users] Re: Image broken in PF status dashboard

2018-01-25 Thread Yan via PacketFence-users
Hi Fabrice, Below attached is error detail. Any solution on this ? Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 99, in get_response resolver_match = resolver.resolve(request.path_info) File

[PacketFence-users] Re: How to bypass authentication when pf service down ?

2018-01-19 Thread Yan via PacketFence-users
Hi Fabrice, Thank you very much for your reply. I know about switch fall back and have also tested it and it works good. What I'm concern is wireless. It seems neither Aruba AC nor Ruckus AC has fall back mode. So I think I should use the monitor script as you suggested. But I'm not sure

[PacketFence-users] How to bypass authentication when pf service down ?

2018-01-19 Thread Yan via PacketFence-users
Hi dear users, Did you encounter the case when mariadb reached the max connections and rejected all authentication requests ? Yesterday morning we met this issue and it cost us about 40 minutes to recover all services(finally rebooting server resolved our problem). This issue has very bad

Re: [PacketFence-users] Successfully passed 802.1x auth but no network access

2018-01-18 Thread Yan via PacketFence-users
I... AD2 was just in preparation after I deployed pf2. Several days later, ad2 was ready but I thought joining domain was just one time action since there were also a feature named authentication source. So I nearly forget it until I reviewed the configuration after the network issue. We are

Re: [PacketFence-users] Successfully passed 802.1x auth but no network access

2018-01-16 Thread Yan via PacketFence-users
Hi Fabrice, So is there any problem within my configuration which I posted in my previous mail ? I ask our network team if cisco acs needs to join domain server, they said no need. They said they only need to add AD server in cisco ACS for authentication. What's the difference between using

Re: [PacketFence-users] Successfully passed 802.1x auth but no network access

2018-01-15 Thread Yan via PacketFence-users
Yes. They have the same domain/users but on different servers. Both of them can authenticate our all users. -- Original -- From: Fabrice Durand Date: Jan 15, 2018 22:13 To: Yan <1136723...@qq.com>, packetfence-users

[PacketFence-users] Re: Successfully passed 802.1x auth but no network access

2018-01-15 Thread Yan via PacketFence-users
Hi Durand, I installed a netdata in my pf server and not found any network issue yet(I'm learning to use it). But there is another case I'm not sure if it is related to the authentication issue. We have 2 PF servers, pf1 is in office A and pf2 is in office B. We also have 2 domain servers(for

[PacketFence-users] Successfully passed 802.1x auth but no network access

2018-01-10 Thread Yan via PacketFence-users
Hi dear users, We use PF V7.3 in our office integrated with Aruba AC. Recently our wireless behaves very strange. Some users can connected to wireless, passed the 802.1x auth and can get the correct role and IP, but they just couldn't access any network. There is no wired in PF logs. But as

[PacketFence-users] Would Freeradius work well after reaching the max_sessions in the EAP module ?

2017-12-26 Thread Yan via PacketFence-users
Hi users, There's an availability concern need to confirm about PF Freeradius module. Hope you can help. We deployed PF v7.3 in centos 7 in our office. For the wireless connection, we use 802.1x auth and configured PF as the aaa server and AD as the actual authentication source. Last week

Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-24 Thread Yan via PacketFence-users
Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packe

Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-22 Thread Yan via PacketFence-users
Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and Pa

Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-21 Thread Yan via PacketFence-users
d SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Ju

Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-21 Thread Yan via PacketFence-users
rse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:

Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-21 Thread Yan via PacketFence-users
ww.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious

[PacketFence-users] PF give DHCPACK to assign IP and then DHCPNAK to take IP back in registration VLAN

2017-12-13 Thread Yan via PacketFence-users
Hi users, Our PF deployed in office A and we have successfully use it to authenticate and control devices in office B, via the routed network feature. It works well with normal VLAN assignment and registration VLAN assignment and IP distribution. But last night when we began to use PF in

Re: [PacketFence-users] Can PF return multiple VLANs in one time ?

2017-12-12 Thread Yan via PacketFence-users
n) https://github.com/inverse-inc/packetfence/pull/2530 Regards Fabrice Le 2017-12-11 à 22:30, Yan via PacketFence-users a écrit : Hi users, One of our office uses ruckus AC. And there are 3 normal VLAN(25,26,27) used in th

[PacketFence-users] Can PF return multiple VLANs in one time ?

2017-12-11 Thread Yan via PacketFence-users
Hi users, One of our office uses ruckus AC. And there are 3 normal VLAN(25,26,27) used in this office. We have not used dynamic VLAN assignment yet. Can PF return 3 vlans or return a vlan group to ruckus and then ruckus randomly choose one vlan and assign it the user ?

[PacketFence-users] Re: VLAN filter rule to temporarily allow specific switch

2017-11-30 Thread Yan via PacketFence-users
Hi Fabrice, Thank you very much. I have one more question. We have a one more portal to user after device passed 802.1x auth, and we don't need Linux and IoT device to meet this portal. I write below rule to bypass linux and IoT device via device_class but it seems not work. Is there any

[PacketFence-users] Forward: Re: VLAN filter rule to temporarily allow specific switch

2017-11-30 Thread Yan via PacketFence-users
So sorry to trouble you. Thank you very much. Actually my VLAN filter rule works. Thank you for your help. PF is a really great project. Nov 30 11:17:25 localhost packetfence_httpd.aaa: httpd.aaa(16117) INFO: [mac:xx:xx:xx:77:cc:xx] Match rule linux_autoreg2:ssid (pf::access_filter::test)

[PacketFence-users] Create violation to auth reject user

2017-11-29 Thread Yan via PacketFence-users
Hi users, As I check the audit log, I find there are few users always fail the 802.1x authentication but still keeps connecting. Can I create a violation on this item ? For example, if a user fails the authentication continually for 10 times with the same device, create a violation and tell

[PacketFence-users] VLAN filter rule to temporarily allow specific switch

2017-11-29 Thread Yan via PacketFence-users
Hi users, I want to add a VLAN filter rule to temporarily pass one specific switch (IP 172.11.5.121) and keep the others as normal. Is below rule okay to do this ? [pf_ssid] filter = ssid operator = is value = PF-Wireless [SG1_switch] filter = switch._ip operator = is value =

[PacketFence-users] How to add 'year' to PF logs ?

2017-11-28 Thread Yan via PacketFence-users
Hi dear users, We use PF v7.3 in our offices. One of our team need to collect PF logs to hive table to do more data analysis. But they found all PF logs with the date and time format of "mm dd hr:mi:se", with no year in it. This item will cause problem when we cross year. Is there any

Re: [PacketFence-users] [WISPr redirection]Can't direct user to download specific files in registration VLAN

2017-11-22 Thread Yan via PacketFence-users
In short, I want to know if it is possible to use PF's Captive Portal detection mechanism to pop out the captive portal, and no need to input any username and password, but with a url link inside the captive portal, and the user can then access the url with passthrough mechanism ? My pf.conf

[PacketFence-users] [WISPr redirection]Can't direct user to download specific files in registration VLAN

2017-11-22 Thread Yan via PacketFence-users
Hi dear users, We use PF V7.3 in our office. Currently we set the authentication process as below: 1. Connect to secure ssid PF-wireless with 802.1x username and password. 2. After connection, the user default be set to registration VLAN. 3. We create a root portal module with only message.html,

Re: [PacketFence-users] Mysql query error -"Database query failed with non retryable error"

2017-11-16 Thread Yan via PacketFence-users
xist on your setup. So check in the person tab if you can find it (the person id appear just before the error in the log). Regards Fabrice Le 2017-11-16 à 05:21, Yan via PacketFence-users a écrit : Hi dear users,

[PacketFence-users] Mysql query error -"Database query failed with non retryable error"

2017-11-16 Thread Yan via PacketFence-users
Hi dear users, We use PF V7.3 in our offices and currently there 200+ employees using PF as AAA server for 802.1x wireless connection. I guess we are not the largest client of PF. But when I check packetfence.log I found below errors keeps occurring. And most of the errors happened around

[PacketFence-users] reply: Can't login self-registration portal to register device

2017-11-15 Thread Yan via PacketFence-users
Can anyone used device registration portal help ?

[PacketFence-users] Dynamic VLAN group assignment on RUCKUS

2017-11-09 Thread Yan via PacketFence-users
Hi dear users, One of our offices uses ruckus AC and our IT deployed 3 VLANs(VLAN 18,VLAN 19,VLAN 20) and randomly assigned users with these 3 VLANs. Now we are about to deploy PF in this office and we have successfully tested dynamic VLAN assignment. But I noticed once a user passed 802.1x,

Re: [PacketFence-users] PF cluster deployment and remote mysql integration problem

2017-10-30 Thread Yan via PacketFence-users
db, be sure to export the procedures too, or use the db schema in db directory then import your data. Also don't forget to do a pfcmd configreload hard and to restart packetfence-config. Regards Fabrice Le 2017-10-30 à 02:23, Ya

[PacketFence-users] PF cluster deployment and remote mysql integration problem

2017-10-30 Thread Yan via PacketFence-users
Hi dear users, We are going to deploy PF v7.3 in our production network recently. Our PF works fine in standalone mode. Since I'm not so familiar with DB operation, I think it's a little difficult for me to operate the mariadb clustering after reading the cluster deployment guide. I'm afraid

Re: [PacketFence-users] Can't select attributes after upgrade to v7.3

2017-10-26 Thread Yan via PacketFence-users
efresh the browser cache (ctrl + f5) ?, is there any adblock extension installed ? Regards Fabrice Le 2017-10-26 à 05:20, Yan via PacketFence-users a écrit : Hi dear users, My previous PF was v7.2 and I just

[PacketFence-users] Can't select attributes after upgrade to v7.3

2017-10-26 Thread Yan via PacketFence-users
Hi dear users, My previous PF was v7.2 and I just upgrade it to v7.3 as the upgrade doc guided. But after I upgraded, I found the option part has issue. All selecting part doesn't work in admin GUI now. For example, I should have access to choose the switch type and mode, but now I couldn't

Re: [PacketFence-users] Can't download and update fingerbank DB

2017-10-19 Thread Yan via PacketFence-users
e importation can be long, there is 5M combinations in the database. Regards Fabrice Le 2017-10-18 à 22:17, Yan via PacketFence-users a écrit : Oh 2 more tables, "dhcp_vendor" and "user_agent" appeared lately. And there i

Re: [PacketFence-users] Can't download and update fingerbank DB

2017-10-19 Thread Yan via PacketFence-users
on -> Initialize MySQL database" If the access to the db is ok then you should be able to see a process "python" running that import the db from the sqlite file. It can take a long time. Regards Fabrice Le 2017-10-18 à

Re: [PacketFence-users] Can't download and update fingerbank DB

2017-10-19 Thread Yan via PacketFence-users
db from the sqlite file. It can take a long time. Regards Fabrice Le 2017-10-18 à 12:19, Yan via PacketFence-users a écrit : Hi Durand, After running "yum reinstall fingerbank --enablerepo=packetfence", I can find fi

Re: [PacketFence-users] Can't download and update fingerbank DB

2017-10-18 Thread Yan via PacketFence-users
have it (fingerbank_Upstream.db) then you can integrate it into mysql then the future update will be just some interim update and not the whole database. Regards Fabrice Le 2017-10-18 à 10:38, Yan via PacketFence-users a écrit :

Re: [PacketFence-users] Can't download and update fingerbank DB

2017-10-18 Thread Yan via PacketFence-users
you didn't import fingerbank into mysql. Go in Configuration -> Compliance -> Fingerbank Profiling -> General settings then in Action "Initialize MySQL database". Regards Fabrice Le 2017-10-1

Re: [PacketFence-users] Can't download and update fingerbank DB

2017-10-18 Thread Yan via PacketFence-users
you didn't import fingerbank into mysql. Go in Configuration -> Compliance -> Fingerbank Profiling -> General settings then in Action "Initialize MySQL database". Regards Fabrice Le 2017-10-17 à 03:19, Yan via PacketFen

[PacketFence-users] Can't download and update fingerbank DB

2017-10-17 Thread Yan via PacketFence-users
Hi dear users, We are using PF V7.2 in our office. We want to use PF to recognize mobile devices from computers when connecting wireless ssid. It seems PF define device's type via DHCP fingerprint. Our packetfence.log keeps logging "pfqueue: pfqueue(1341) WARN: [mac:ff:ee:dd:cc:bb:aa] Unable