Whew. What a ride so far trying to get this configured for a pilot (pfence
v3.0.1). Unfortunately, ZEN did not work out for me since it's catered towards
an inline solution, and I wanted the vlan isolation setup. For whatever reason,
the zen vm just did not play well with the esx 4i env I have here. Anyhow....
My configuration is fairly basic.
1 cisco 3560x switch using port security, and snmp v2c traps.
1 centos 6 vm running 3.0.1 configured with AD/winbind, basic packetfence
without openvas/nessus nor snort.
3 vlans: 1 registration vlan, 1 isolation vlan, and 1 "normal" vlan.
I'm currently running into an issue with the user registration process. I have
a random laptop/user that connects/pulls down the packetfence captive
portal, putting in a username, password and accepting the acceptable use
policy.
That said, when I put in the information in new user registration, I choose to
validate via email.
Few things I notice:
1) I get a pop up stating that the network will shortly cut over to my "normal
vlan", which it eventually does, but not before getting the error stating that
packetfence does not know the status, and to reboot or ipconfig /renew I'd
imagine. Renewing my ip immediately after getting this status update does not
work. I have to wait an additional 30 seconds or so, then packetfence finally
swaps the access vlan to my "normal vlan" from the "registration vlan".
2) I see that I'm supposed to have 10 minutes to complete the registration.
But packetfence never bothers to cut the vlan back to registration (or
isolation). After a while I get suspicious and log back into the admin
portal, but httpd seems to not be responsive. The actual httpd service is
still hosting 443, but IE simply times out. FF also does this. A quick
restart of the packetfence services gets things back on track.
3) The 10 minute grace window appears correct in the portal, but it just seems
like packetfence did not cut things back as it's supposed to. The end result
is, I end up having a node, and a person I am unable to delete to
repeat/attempt this again. I get a complaint that the accesslog indicates
that the node may still be connected. Even after disconnecting the endpoint
from the network, no net change.
Any suggestion/help would be very helpful.
Lastly, one last note is that, even with all the documentation, this has to be
by far the most involved install I've ever done of third party
software. Obviously, there are tons of moving parts, but it was just a lot of
massaging before I got onto the right track. What might help is posting a wiki
or a how to explaining how to deploy this in a real basic environment and how
to configure various scenarios. I don't mind writing up a wiki to
contribute since I'm basically doing this already for myself, but I'm not sure
how far I'll get through packetfence. Ideally I would want to get corporate
support once completed, but can't justify the spend before I even get a poc up
and running.
Cheers,
Thomas
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users