Re: [PacketFence-users] Firewall SSO failure

2021-06-27 Thread d_s_kelly--- via PacketFence-users
Hi, Yep, the only DHCP is provided by packetfence itself, as we're only using inline enforcement. We do have other systems doing firewall SSO updates (Aruba wireless controllers for example), and we also have an older packetfence instance (8.2 I think) that this one is replacing. That had ident

Re: [PacketFence-users] Firewall SSO failure

2021-06-27 Thread d_s_kelly--- via PacketFence-users
Hi Nicolas, I believe I have solved it - I hadn't updated the latest maintenance patches, and this was the issue I was having: https://github.com/inverse-inc/packetfence/issues/6299 Once updated, it all sprang into life. Thanks for your time. On Wednesday, 23 June 2021, 11:43:51 BST, Quiniou

Re: [PacketFence-users] Firewall SSO failure

2021-06-23 Thread Quiniou-Briand, Nicolas via PacketFence-users
Hello,
> I made the changes you suggested, but I noticed that it made no attempt to update the firewall when I left the network fields empty
1. Did you ensure that you received a DHCP request for your network? Could you check using tcpdump that PacketFence sees DHCP traffic?
2. I see in logs

Re: [PacketFence-users] Firewall SSO failure

2021-06-21 Thread d_s_kelly--- via PacketFence-users
Hi Nicolas, Thanks for getting back to me. I made the changes you suggested, but I noticed that it made no attempt to update the firewall when I left the network fields empty. When I did enter a network range (192.168.152.0/23 in this example), it then seemed to be trying to SSO _all_ requests,

Re: [PacketFence-users] Firewall SSO failure

2021-06-21 Thread Quiniou-Briand, Nicolas via PacketFence-users
Hello, I did another test today with a basic configuration. I’m able to send firewall SSO updates using pfsso if my PacketFence server received a DHCP request. I think your initial issue is with pfqueue and doesn’t reach pfsso. Could you try:
- to remove cache_updates setting
- to specify a val

Re: [PacketFence-users] Firewall SSO failure

2021-06-13 Thread d_s_kelly--- via PacketFence-users
Hi, Just to add, I have rebuilt a new server from scratch, imported all my users and nodes, re-entered all my network configs and am getting the same errors. Please let me know if there's anything else you need from me. Thanks On Thursday, 10 June 2021, 14:09:57 BST, d_s_kelly--- via PacketFence

Re: [PacketFence-users] Firewall SSO failure

2021-06-10 Thread Arun Kangle via PacketFence-users
Thanks for the quick response Nicolas, I deleted the FW definition and created a new one, it worked after that. Could be one of the issues as you mentioned. Thanks, - Arun On Thu, Jun 10, 2021 at 5:55 PM Quiniou-Briand, Nicolas via PacketFence-users wrote: > Hello, > > > > You can try to: > > * remo

Re: [PacketFence-users] Firewall SSO failure

2021-06-10 Thread d_s_kelly--- via PacketFence-users
Thanks. I have removed defined networks, and set log level to debug. The pfsso.log is just full of these errors: Jun 10 13:28:25 boc-pf pfsso[46799]: t=2021-06-10T13:28:25+0100 lvl=eror msg="Recovered panic: runtime error: invalid memory address or nil pointer dereference." pid=46799 request-uui

Re: [PacketFence-users] Firewall SSO failure

2021-06-10 Thread Quiniou-Briand, Nicolas via PacketFence-users
Hello, You can try to:
* remove any networks defined: all networks will match
* add a network which matches the DHCP subnet of UoC-Guest users
If you specify something and it doesn’t match, PacketFence will not send SSO update. Could you also try to switch log level from INFO to DEBUG in /usr/l

Re: [PacketFence-users] Firewall SSO failure

2021-06-09 Thread Quiniou-Briand, Nicolas via PacketFence-users
You should specify a valid “networks” option. Nicolas Quiniou-Briand Product Support Engineer Office: +33156696210 Akamai Technologies 145 Broadway Cambridge, MA 02142

Re: [PacketFence-users] Firewall SSO failure

2021-06-09 Thread d_s_kelly--- via PacketFence-users
Hi, I have tried individual network subnets, (i.e. just 10.24.22.0/24), but it doesn't make a difference. 0.0.0.0/0 was just my latest attempt at a catchall. Thanks On Wednesday, 9 June 2021, 13:33:46 BST, Quiniou-Briand, Nicolas wrote: You should specify a valid “networks” option.

Re: [PacketFence-users] Firewall SSO failure

2021-06-09 Thread Quiniou-Briand, Nicolas via PacketFence-users
Hello,
1. Could you provide content of firewall_sso.conf with credentials redacted?
2. What is your Palo Alto firewall and version?
Nicolas Quiniou-Briand Product Support Engineer Office: +33156696210 Akamai Technologies 145 Broadway Cambridge, MA 02142

Re: [PacketFence-users] Firewall SSO failure

2021-06-09 Thread d_s_kelly--- via PacketFence-users
Hi, Here's my firewall_sso.conf
[10.1.4.23]
transport=http
categories=UoC-Guest
vsys=1
networks=0.0.0.0/0
cache_updates=enabled
username_format=$pf_username
type=PaloAlto
cache_timeout=20
port=443
password=**redacted**
It's a Palo Alto 3250 running 10.3.0, but traffic isn't even hitting it from the packet

[PacketFence-users] Firewall SSO failure

2021-06-07 Thread d_s_kelly--- via PacketFence-users
Hi All, I did see another user with the same problem around a month ago, but I couldn't see a resolution (here: https://sourceforge.net/p/packetfence/mailman/message/37275792/). At present, I can't seem to get Packetfence to perform SSO updates to our Palo Alto firewalls. Whether I configure HT