cboley@SRVCHPACKETFENCE:~$ cat /usr/local/pf/conf/pf-release PacketFence 5.3.1
-----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, November 09, 2015 12:10 PM To: [email protected] Subject: PacketFence-users Digest, Vol 91, Issue 9 Send PacketFence-users mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/packetfence-users or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of PacketFence-users digest..." Today's Topics: 1. Re: Debian package dependency (Durand fabrice) 2. Re: Sources for wmi packages (Durand fabrice) 3. Re: Suricata alerts to Packet Fence (Derek, Wuelfrath) (Derek Wuelfrath) 4. Re: Suricata alerts to Packet Fence (Derek, Wuelfrath) (Derek Wuelfrath) 5. radius authorization interval (Morris, Andi) ---------------------------------------------------------------------- Message: 1 Date: Fri, 6 Nov 2015 19:00:06 -0500 From: Durand fabrice <[email protected]> Subject: Re: [PacketFence-users] Debian package dependency To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset=iso-8859-15; format=flowed Hello Nicola, take a look at http://inverse.ca/downloads/PacketFence/debian-feature-ubuntu-14.04/ i did Jessie package. (https://github.com/inverse-inc/packetfence/blob/feature/ubuntu-14.04/debian/control) Regards Fabrice Le 2015-11-06 02:49, Nicola Canepa a ?crit : > Hello. > Since jessie (Debian 8) doesn't supply the package "dhcp3-server" any > more, would it be possible to change the dependency in "isc-dhcp-server" > for the packetfence Debian package, which is present also in older > releases (squeeze and wheezy)? > > Thank you. > > Nicola > ------------------------------ Message: 2 Date: Fri, 6 Nov 2015 19:01:10 -0500 From: Durand fabrice <[email protected]> Subject: Re: [PacketFence-users] Sources for wmi packages To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Hello Nicola, i will send it to you on Monday. Regards Fabrice Le 2015-11-06 05:45, Nicola Canepa a ?crit : > Hello, does someone know where I can find the ".deb" sources for the > wmi packages? > I need to build > >> libnet-wmiclient-perl >> libwmiclient1 >> wmi-client > > for armfh, but I cannot find the sources. > > Thanks for any pointer. > > Nicola > > -- > > Nicola Canepa > Tel: +39-0522-399-3474 > [email protected] > --- > Il contenuto della presente comunicazione ? riservato e destinato > esclusivamente ai destinatari indicati. Nel caso in cui sia ricevuto da > persona diversa dal destinatario sono proibite la diffusione, la > distribuzione e la copia. Nel caso riceveste la presente per errore, Vi > preghiamo di informarci e di distruggerlo e/o cancellarlo dal Vostro > computer, senza utilizzare i dati contenuti. La presente comunicazione > (comprensiva dei documenti allegati) non avr? valore di proposta contrattuale > e/o accettazione di proposte provenienti dal destinatario, n? rinuncia o > riconoscimento di diritti, debiti e/o crediti, n? sar? impegnativa, qualora > non sia sottoscritto successivo accordo da chi pu? validamente obbligarci. > Non deriver? alcuna responsabilit? precontrattuale a ns. carico, se la > presente non sia seguita da contratto sottoscritto dalle parti. > > The content of the above communication is strictly confidential and reserved > solely for the referred addressees. In the event of receipt by persons > different from the addressee, copying, alteration and distribution are > forbidden. If received by mistake we ask you to inform us and to destroy > and/or delete from your computer without using the data herein contained. The > present message (eventual annexes inclusive) shall not be considered a > contractual proposal and/or acceptance of offer from the addressee, nor > waiver recognizance of rights, debts and/or credits, nor shall it be binding > when not executed as a subsequent agreement by persons who could lawfully > represent us. No pre-contractual liability shall apply to us when the present > communication is not followed by any binding agreement between the parties. > > > ---------------------------------------------------------------------- > -------- > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 3 Date: Mon, 9 Nov 2015 11:52:38 -0500 From: Derek Wuelfrath <[email protected]> Subject: Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath) To: ML PF <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=utf-8 Please state me the specific version of PacketFence you are running (cat /usr/local/pf/conf/pf-release) and I will point you the exact lines to change :) Thanks Cheers! dw. ? Derek Wuelfrath [email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) > On Nov 4, 2015, at 10:46 AM, Boley, Chris <[email protected]> wrote: > > Derek. At last mail I had told you that adapting the regex was problematic > because what I had in my packet fence was very different from what you had > described. > "https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L > 103 Commenting out lines 103 to 131 and adding your new regex code > afterward > According to changelog in my system: Last commit date showed Date: Fri Jul > 24 10:34:46 2015 -0400 > I'm pretty sure my version is 5.3.1 > > So again: > Where/how should I apply your suggested regex code seen below? > > if ( $_ =~ > /^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+ > ?)\].+?\}\s+(.+?):.+?>\s(.+?):/ ) { > > $date = $1; > > $sid = $2; > > $descr = $3; > > $srcip = $5; > > $dstip = $6; > > } else { > > $logger->warn("unknown input: $_ "); > > next; > > } > > > ====================================================================== > ================================= I saw your suggestion regarding > SecurityOnion however I am running Suricata from a FreeBsd platform within > Jails. > Security Onion doesn't offer that for me. > Thanks! > > ---------------------------------------------------------------------- > -------- _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------ Message: 4 Date: Mon, 9 Nov 2015 11:53:19 -0500 From: Derek Wuelfrath <[email protected]> Subject: Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath) To: ML PF <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=utf-8 > I saw your suggestion regarding SecurityOnion however I am running Suricata > from a FreeBsd platform within Jails. > Security Onion doesn't offer that for me. The refactor also includes support for remote Suricata and Snort :) Cheers! dw. ? Derek Wuelfrath [email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) > On Nov 4, 2015, at 10:46 AM, Boley, Chris <[email protected]> wrote: > > Derek. At last mail I had told you that adapting the regex was problematic > because what I had in my packet fence was very different from what you had > described. > "https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L > 103 Commenting out lines 103 to 131 and adding your new regex code > afterward > According to changelog in my system: Last commit date showed Date: Fri Jul > 24 10:34:46 2015 -0400 > I'm pretty sure my version is 5.3.1 > > So again: > Where/how should I apply your suggested regex code seen below? > > if ( $_ =~ > /^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+ > ?)\].+?\}\s+(.+?):.+?>\s(.+?):/ ) { > > $date = $1; > > $sid = $2; > > $descr = $3; > > $srcip = $5; > > $dstip = $6; > > } else { > > $logger->warn("unknown input: $_ "); > > next; > > } > > > ====================================================================== > ================================= I saw your suggestion regarding > SecurityOnion however I am running Suricata from a FreeBsd platform within > Jails. > Security Onion doesn't offer that for me. > Thanks! > > ---------------------------------------------------------------------- > -------- _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------ Message: 5 Date: Mon, 9 Nov 2015 17:09:22 +0000 From: "Morris, Andi" <[email protected]> Subject: [PacketFence-users] radius authorization interval To: "[email protected]" <[email protected]> Message-ID: <47fac5a830933045a14a6ef10f2c796e01b182d...@e2k10db1.internal.uwic.ac.uk> Content-Type: text/plain; charset="us-ascii" Hi all, I'm getting reports of users being briefly disconnected from the wireless network every few minutes, which is something that didn't used to happen when users were connected to another SSID using exactly the same hardware (Cisco WLC). I'm wondering if it's something like radius authorization, as we see it on not just our dot1x SSID, but our SSID that is mac authenticated through PFs device registration setup. According to users it's around every 5 minutes, however looking at some logs for one client using the mac_auth network I can see it seems to re-auth every 11/12 minutes. Log snippet below: Nov 09 11:55:59 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Can't find provisioner (pf::vlan::getNormalVlan) Nov 09 11:55:59 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Nov 09 11:55:59 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Username was defined "3059b782141a" - returning user based role 'gaming' (pf::vlan::getNormalVlan) Nov 09 11:55:59 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] PID: "st12345678", Status: reg Returned VLAN: 713, Role: gaming (pf::vlan::fetchVlanForNode) Nov 09 11:55:59 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] (192.168.1.1) Returning ACCEPT with VLAN 713 and role (pf::Switch::returnRadiusAccessAccept) Nov 09 12:07:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] handling radius autz request: from switch_ip => (192.168.1.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (e8:65:49:e9:2c:60), mac => [30:59:b7:82:14:1a], port => 13, username => "3059b782141a" (pf::radius::authorize) Nov 09 12:07:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Can't find provisioner (pf::vlan::getNormalVlan) Nov 09 12:07:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Nov 09 12:07:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Username was defined "3059b782141a" - returning user based role 'gaming' (pf::vlan::getNormalVlan) Nov 09 12:07:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] PID: "st12345678", Status: reg Returned VLAN: 713, Role: gaming (pf::vlan::fetchVlanForNode) Nov 09 12:07:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] (192.168.1.1) Returning ACCEPT with VLAN 713 and role (pf::Switch::returnRadiusA ccessAccept) Nov 09 12:18:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] handling radius autz request: from switch_ip => (192.168.1.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (e8:65:49:e9:2c:60), mac => [30:59:b7:82:14:1a], port => 13, username => "3059b782141a" (pf::radius::authorize) Nov 09 12:18:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Can't find provisioner (pf::vlan::getNormalVlan) Nov 09 12:18:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Nov 09 12:18:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Username was defined "3059b782141a" - returning user based role 'gaming' (pf::vlan::getNormalVlan) Nov 09 12:18:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] PID: "st12345678", Status: reg Returned VLAN: 713, Role: gaming (pf::vlan::fetchVlanForNode) Nov 09 12:18:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] (192.168.1.1) Returning ACCEPT with VLAN 713 and role (pf::Switch::returnRadiusA ccessAccept) Nov 09 12:32:58 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] handling radius autz request: from switch_ip => (192.168.1.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (e8:65:49:e9:2c:60), mac => [30:59:b7:82:14:1a], port => 13, username => "3059b782141a" (pf::radius::authorize) Nov 09 12:32:58 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Can't find provisioner (pf::vlan::getNormalVlan) Nov 09 12:32:58 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Nov 09 12:32:58 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Username was defined "3059b782141a" - returning user based role 'gaming' (pf::vlan::getNormalVlan) Nov 09 12:32:58 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] PID: "st12345678", Status: reg Returned VLAN: 713, Role: gaming (pf::vlan::fetchVlanForNode) Nov 09 12:32:58 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] (192.168.1.1) Returning ACCEPT with VLAN 713 and role (pf::Switch::returnRadiusA ccessAccept) Nov 09 12:44:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] handling radius autz request: from switch_ip => (192.168.1.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (e8:65:49:e9:2c:60), mac => [30:59:b7:82:14:1a], port => 13, username => "3059b782141a" (pf::radius::authorize) Nov 09 12:44:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Can't find provisioner (pf::vlan::getNormalVlan) Nov 09 12:44:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Nov 09 12:44:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Username was defined "3059b782141a" - returning user based role 'gaming' (pf::vlan::getNormalVlan) Nov 09 12:44:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] PID: "st12345678", Status: reg Returned VLAN: 713, Role: gaming (pf::vlan::fetchVlanForNode) Nov 09 12:44:16 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] (192.168.1.1) Returning ACCEPT with VLAN 713 and role (pf::Switch::returnRadiusA ccessAccept) Nov 09 12:55:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] handling radius autz request: from switch_ip => (192.168.1.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (e8:65:49:e9:2c:60), mac => [30:59:b7:82:14:1a], port => 13, username => "3059b782141a" (pf::radius::authorize) Nov 09 12:55:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Can't find provisioner (pf::vlan::getNormalVlan) Nov 09 12:55:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Nov 09 12:55:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] Username was defined "3059b782141a" - returning user based role 'gaming' (pf::vlan::getNormalVlan) Nov 09 12:55:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] PID: "st12345678", Status: reg Returned VLAN: 713, Role: gaming (pf::vlan::fetchVlanForNode) Nov 09 12:55:33 httpd.aaa(30934) INFO: [30:59:b7:82:14:1a] (192.168.1.1) Returning ACCEPT with VLAN 713 and role (pf::Switch::returnRadiusA ccessAccept) Is this something that is configurable so that I can try changing it and see if it is what's causing these brief interruptions? The session-timeout variable on the WLC is set to 1800 seconds. Cheers, Andi ________________________________ [Cardiff Metropolitan University - 150 years of nurturing talent]<http://www.cardiffmet.ac.uk/cardiffmet150> -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ ------------------------------------------------------------------------------ Presto, an open source distributed SQL query engine for big data, initially developed by Facebook, enables you to easily query your data on Hadoop in a more interactive manner. Teradata is also now providing full enterprise support for Presto. Download a free open source copy now. http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140 ------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users End of PacketFence-users Digest, Vol 91, Issue 9 ************************************************ ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
