Hi Olivier,
Yes, I meant the graphiques / graphs on the administration site.
rrdtools has been in since the beginning ; care to specify which Perl
module you're referring to ? Usually, I've been depending on complaints
- on the command line or in the logs - to find missing Perl modules,
but this
> When we first put PF on Debian we hit a couple of road blocks with the
> graphs. We did get it fixed after a few tweaks. Is this what you are
> talking about when your refer to graphics?
>
>
>
>
> -Original Message-
> From: cg [mailto:aubergi...@gmx.com]
Hello Olivier, François and all,
A quick announcement : we are now fully (and stably)
functional. Thanks greatly to all for the great (and patient)
assistance. We're preparing for the university roll-out !
Naturally, there is a loose end. Largely cosmetic now, but potentially
useful, the graphic
Hi Olivier,
This one is entirely an oversight on my part ; apologies for the
(false) alarm. (heh heh) During the configuration of the new version
(v2.0.0 -> v2.0.1) when the radius 'secret' appeared in pf.conf I
assumed that it had been moved there and didn't bother looking in
conf/authentication/
Hello List,
We've just completed a new installation of v2.0.1 and have come across
a new phenomenon / artifact / glitch.
With v2.0.0 (mostly, but not yet entirely, working) FR performs its
authentication flawlessly ; with 2.0.1 it's complaining about
"Unprintable characters in the password" and d
Hi Jake,
Thank you for the tip about a FR proxy. We don't need to do it now,
but it is valuable info in case of a future need. Personally, I am
*not* expert in FR and was happy to set it up and have it just work
for us. The university *does* have a dedicated FR server but I wasn't
certain what eff
Hi Olivier,
Yes, that was me. Apologies that that was formalised into a bug - it
was reported to you as a step on the way to finding the impasse that
we are now in.
Please, then, close the 'placeholder' bug ; we seem to have gone on to
a level beneath it.
Any comment/insight you have on the curr
Hi Jake,
As we have both EAP and the captive portal in our system, we
(obviously) had to set up radius for both modes. EAP authentication
has always worked well once we configured radius to work with our ldap
system but the CP side of it was dodgy, at best. We have recently set
up a second 'inner-
Hello List (Olivier & François & all),
We have an almost completely stable, working installation here ; it's
being tested more widely and is (largely) working with *both* EAP and
captive portal validation. (The two are available via different
SSIDs.) Thanks again for all assistance and advice ; it
Hi again Olivier,
Continuing this thread, I searched further into what PF and the AP
were doing with snmp and discovered that the issue we had with the
Debian implementation of snmptrapd some months ago has
reappeared. When I moved our development environment from a normal
server to the 'productio
Hi Olivier,
Thanks for all the good comment !
> With RADIUS proxying and Huntgroups you can do stuff similar to that.
> For the record, we do not plan on replacing locationlog with RADIUS
> accounting, we plan on having RADIUS accounting information update the
> locationlog.
This sounds brill
Salut Olivier !
Good to hear from you (on multiple levels).
> Anyway, the point is: ignore anything related to dot11Deauthentication.
Do I take this literally ? Should I then disable SNMP on the access
point ? Is there really no disconnection event ? Then, it seems, the
locationlog table will fi
Are you having issues with only this wireless network
> card or you have the same behavior with others?
> Do you have VMWare or Virtual Box installed on the test PC? (sorry for
> all those questions, I just want to find the problem hehe :)
>
> snmptrapfmt is still under suspici
redirection under PF config ? Apache
> > won't run without it on this platform. Seems harmless to me but ...
> >
> > Thanks François,
> >
> > G'day !
> >
> > Chris
> >
> > On Wed 5.Jan'11 at 14:50:22 -0500, Francois Gaudreault wro
0, Francois Gaudreault wrote:
> Chris,
>
> Can you try to shutdown snmptrapfmt and see if the behavior is the same?
>
> On 11-01-05 2:23 PM, cg wrote:
> > Hi François,
> >
> > Yes, it's there - as spec'd, as well as our wired switch and the AP.
> >
>
Hi François,
Yes, it's there - as spec'd, as well as our wired switch and the AP.
Thanks ...
Chris
On Wed 5.Jan'11 at 13:30:49 -0500, Francois Gaudreault wrote:
> Chris,
>
> I checked in the Aironet module, and the regex there matches the trap
> you sent me. No problems in the module.
>
artup line (use ps aufx to see it)
>
> On 11-01-05 11:30 AM, cg wrote:
> > Jan 05 15:09:03 pfsetvlan(5) WARN: unable to parse trapLine.. here's the
> > line: ip.ip.ip.ip ||dot11Deauthentication|||nn:nn:nn:nn:nn:nn
> > (main::startTrapHandlers)
>
> Thanks!
>
Hi Francois,
Thanks for the good info and the model Aironet config.
Our AP config was pretty close to the model ; we trimmed a few things
and all seems pretty good (but see below).
Ah ! CLI means command line interface - I was ahead of (or behind)
myself, I had thought it was a bit of switch eso
Hello again Francois,
The current config for our Aironet is attached. Thanks in advance for
taking the time to look at it.
Yes, please, if you would, send the Aironet configuration example.
The hardware limitations of the fat AP are understood ; we will have
separate 'service' vlans for each SSI
e to say.
Best wishes for the new year,
Chris
On Mon 3.Jan'11 at 10:18:04 -0500, Francois Gaudreault wrote:
> Chris,
>
> If you manually turn off, and turn back on the radio, are you able to
> get an IP at all?
>
> What radius tells you in debug mode?
>
> On 10-12-3
Hi again List,
Apologies for the previous post - please ignore it. It was Monday
morning after New Year's weekend ... The syslog entries referred
entirely to something else.
Sorry again about the waste of attention and bandwidth.
Best,
Chris
be doing *anything* with
LDAP.
Can anyone illuminate / explain ?
Thanks in advance for the attention.
Best wishes,
Chris
On Thu 30.Dec'10 at 21:38:03 +0100, cg wrote:
> Hello List,
>
> Hope everyone here will have a great and auspicious new year.
>
> Closing in on our
Hello List,
Hope everyone here will have a great and auspicious new year.
Closing in on our Debian adaptation of version 2.0.0 ; the wifi side
of things is showing validation by radius and an *almost* working
captive portal. Can anyone comment on the following log results ?
Dec 30 21:18:51 pf::
can telnet from the PF box to the DB on the mysql
> port.
>
> Not sure if this will help but it's always good to double check.
>
> Cheers
>
>
> On Tue, Dec 7, 2010 at 10:19 AM, cg wrote:
>
> > Greetings list,
> >
> > We are here moving our dev
Greetings list,
We are here moving our development installation of PF to its
production environment (optimism is the keynote) in a KVM machine. To
be ultra-cautious, because of past difficulties with Perl modules on a
Debian machine, I've done a complete re-inventory of the necessary
modules and e
Hi Olivier,
Didn't hear back from you on the last inquiry ; hoping you have time
for this one. Things are exactly as before except, for the first time,
I'm getting error messages in logs/error_log. Everything seems fine,
the WAP is switched correctly to the registration vlan, the captive
portal ap
Hello again Jake,
Don't know whether the above post was of any interest/use to you, but
my mods to rlm_perl_packetfence took the long way around ; I hadn't
noticed an (obvious) simpler method of checking whether or not the
request was eap or not. (Wiping some egg off face) here is the
improved fix
Hello Jake,
I think that we've run into the same (or similar) behaviour in our
installation of PF. From a WAP (Cisco 1252) we have some SSIDs which
validate directly against freeRadius as well as an 'open' SSID which
PF needs to handle (registration, as usual, etc.). The PF
rlm_perl_packetfence mo
Hello Olivier,
Went back in to pf/conf/authentication/radius.pm and triple-checked
and both the $RadiusServer and $RadiusSecret vars are correctly set
(the routine worked before ver 1.9.1).
I noticed that the instantiation of Authen::Radius in the
authenticate() sub is done with the minimum args
Hi Olivier,
Apologies for the delay.
Yes, checked logs/error_log ; grepped the directory for
'authentication' and came up with nothing (no lines anywhere) that had
an 'ERROR' flag on them.
Made the mods ; here's the output from a registration attempt :
packetfence.log:Nov 02 18:56:06 register.c
Hi Olivier,
Thanks much for the response.
> Anything in logs/error_log ?
>
> In logs/packetfence.log, any message similar to:
> - ERROR loading authentication::radius ...
Nothing ; it all seems fine.
> You can also check if your radius authentication module compiles:
>
> cd /usr/local/pf/
> p
Hello José,
Why not set things up first very simply, then take it from there ?
As your switch supports port-security you will not need vlan 4 for MAC
detection - so don't set up for it now. Also, don't worry about
custom.pm for now, you can set it up and configure it later, if
necessary. Just do
the registran vlan having been defined, that it would have been
the logical next step to retun (and therefore reset) it. So, given the
above, how do I get it to switch to the reg vlan ?
Thanks Olivier - a good weekend if I don't speak to you before then.
Chris
On Thu 21.Oct'10 at 17:48:
in for the feedback. I realise that the above is a vague
description - hoping that you might be able to cast an educated eye
towards it and spot something obvious ...
Best wishes,
Chris
On Wed 20.Oct'10 at 11:41:41 -0400, Olivier Bilodeau wrote:
> Hi Chris,
>
> On 14/10/10 8:45 AM,
Hello List,
Posting this in hopes that someone can clarify a configuration issue
I've been struggling with for the past two weeks.
I have PacketFence working well with our wired switches - the captive
portal is presented, authentication is performed, vlans are changed
correctly, etc. I'm now work
Hi,
Not, I think, a Debian related question - but I can't be certain. PF
was working well, validating against freeRadius, itself validating
against LDAP. I completed the upgrade to 1.9.1 and the radius
authentication stopped working (apparently a known issue according to
the first clause of the UP
Hi again Olivier,
Thanks again.
Point-by-point :
> Just to be 100% clear here. You use RADIUS authentication on the
> captive portal's login/password fields (as opposed to ldap or local
> auth)? What do you have as auth=... under [registration]?
Yes ; we use RADIUS at the moment and registratio
Hello Olivier,
Version 1.9.0 has been running fine on our wired network,
authenticating against a freeRadius server.
Downloaded the new 1.9.1 version, installed and upgraded our PF
server. Thanks to the PF team for the fixes and all - it's in place
and everything, but the single item below, seems
Hi Olivier,
Apologies for the delay.
I've chased down the error to the fact that PF doesn't reliably close
the client's entry in the locationlog table and, therefore, correctly
refuses to allow the deletion of the client record in the nodes table
believing that the client is still connected. I th
db, but
things remain the same ...
Best,
Chris
On Fri 10.Sep'10 at 10:54:07 -0400, Olivier Bilodeau wrote:
> Hi Chris,
>
> cg wrote:
> > Hello List,
> >
> > Answering my own post, and have partly dealt with my own issue. It was
> > resolved usin
27;gateway' spec, it all worked well. I
couldn't find any explanation in the docs for the difference between
'pf_gateway' and 'gateway' ...
In the event, thanks for (any) attention and apologies for (any)
inconveniences. The installation progresses.
Best wishes,
C
.255.0 {
option routers 192.168.5.1;
option subnet-mask 255.255.255.0;
option domain-name "pf_guests.xyz.fr";
option domain-name-servers 192.168.5.1;
range 192.168.5.10 192.168.5.200;
default-lease-time 300;
max-lease-time 600;
}
# This file is generated from a template at
/usr/local/
something very simple that I'm missing here (also tried -switch 01 ;
the test setup has only one switch) ...
I don't know another way of finding out the port connection to a
vlan.
Thanks again,
cg
--
This SF.
playing a bit of whack-a-mole with it ... And there are
doubtless a few remaining Debian related issues (PHP comes to mind
...).
In the event, thanks for both the attention and for PF itself - it's a
terrific product and shows great promise for becoming a standard (if
it isn't that already).
B
sumably it can be converted into a .deb by alien.)
Does anyone have any idea where I can source it ?
Following what seems to have become a tradition, once it's working I'm
thinking of posting a HowTo ...
Greetings and thanks for the attention. All advice, critique,
comme
45 matches
Mail list logo
