Hello Reeyon,
From the CLI, are you able to do:
wget https://fingerbank.inverse.ca/api/v1/download?key=my_api_key (where
my_api_key is your api key)
Regards
Fabrice
On 2016-01-26 21:41, Reeyon Lim wrote:
Hello Antoine,
the /usr/local/fingerbank/conf/fingerbank-p0f.fp looks good.
I have run command: pfcmd fixpermissions, and
I have run command: chown -R fingerbank:fingerbank /usr/local/fingerbank/*
Result still no good :-(
Regards,
Reeyon
On Tue, Jan 26, 2016 at 9:54 PM, Antoine Amacher <[email protected]
<mailto:[email protected]>> wrote:
Hello Reeyon,
For the issue with fingerbank, you can start by checking the
rights and content of the p0f file, which is under
/usr/local/fingerbank/conf/fingerbank-p0f.fp, it should be
fingerbank:fingerbank as owner.
Can you open the file to confirm that the content looks like
that(with a lot more lines!):
classes = win,unix,other
[tcp:request]
label = s:unix:5:nil
sig = *:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0
sig = *:64:0:*:mss*20,7:mss,sok,ts,nop,ws:df,id+:0
label = s:unix:5:nil
If the rights are not correct, try the following:
bin/pfcmd fixpermissions (from /usr/local/pf directory)
chown fingerbank:fingerbank /usr/local/fingerbank/conf/*
Thank you.
On 01/26/2016 12:59 AM, Reeyon Lim wrote:
Hi Fabrice,
Updated to version 5.6.1.
Your guide is working. In my case, I have to edit the following
in vlan_filters.conf to make it work:
[EthernetEAP]
filter = connection_type
operator = is
value = Ethernet-EAP
[reg:EthernetEAP]
scope = AutoRegister
role = default
It is working and serves my purpose perfectly :)
---------------------------------
New problem arises:
Fingerbank p0f map update failed on web gui, error shown:
*Error!*An error occured while updating file
'/usr/local/fingerbank/conf/fingerbank-p0f.fp'
Update Fingerbank DB failed as well, I got the email says that
"*An error occured while updating file
'/usr/local/fingerbank/db/fingerbank_Upstream.db'"*
Thank you.
Regards,
Reeyon
On Tue, Jan 26, 2016 at 9:55 AM, Durand fabrice
<[email protected] <mailto:[email protected]>> wrote:
Hi Reeyon,
with the command: "raddebug -f
/usr/local/pf/var/run/radiusd.sock -t 3600" you will see what
happens with the authentication process.
If you want to use -X then use this command:
/usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X
On 2016-01-25 20:27, Reeyon Lim wrote:
Hi Ludovic,
For the radius debug try : raddebug -f
/usr/local/pf/var/run/radiusd.sock -t 3600
*Ans: Where can I look for upon the above command? If I run
"radiusd -X -d /usr/local/pf/raddb", I got the error for the
last two lines*
*
radiusd: #### Opening IP addresses and Ports ####
The server is not configured to listen on any ports. Cannot
start.
*
Are you trying to do a 802.1x authentication ?
*Ans: Yes, I would like to do a wired 802.1x, and captive
portal login as failover. For example, if domain PC
connected to the network, they will authenticate against AD,
otherwise it will pop up the captive portal page. Guest will
need to input the username/password which stored in
/usr/local/pf/raddb/users file. (in this case for example,
by default is "demouser/demouser")*
So you want to do autoreg on 802.1x and mac auth for guest
access but instead of using /usr/local/pf/raddb/users for
guest create a local user.
*_New problem arises:_*
*My wired 802.1x authentication against AD is successful,
however PF will never assign the port to default vlan(118),
but instead assign to Registration Vlan(2)*
Below is my switchport configuration from Cisco
interface GigabitEthernet0/33
switchport access vlan 118
switchport mode access
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast
end
*_Switch log:_*
.Jan 26 09:22:54.696 SG: %DOT1X-5-SUCCESS: Authentication
successful for client (d4be.d939.37c6) on Interface Gi0/33
AuditSessionID
.Jan 26 09:22:54.696 SG: %AUTHMGR-7-RESULT: Authentication
result 'success' from 'dot1x' for client (d4be.d939.37c6) on
Interface Gi0/33 AuditSessionID 0AB876FB0000007714341E60
.Jan 26 09:22:54.705 SG: %AUTHMGR-5-VLANASSIGN: VLAN 2
assigned to Interface Gi0/33 AuditSessionID
0AB876FB0000007714341E60
.Jan 26 09:22:55.753 SG: %AUTHMGR-5-SUCCESS: Authorization
succeeded for client (d4be.d939.37c6) on Interface Gi0/33
AuditSessionID 0AB876FB0000007714341E60
Make sure that :
- Your user exists on the local/external source --*I have
included Radius for Internal, because the method I use is
Radius*
Wrong, don't use packetfence itself as an authentication source.
- That you put the correct source on your portal profile
(try to create one with your SSID/ Switch IP) - *Done*
- Use bin/pftest authentication username password to see
which source you match -
*Ans: the command I run: pftest authenticate demouser
demouser cdppl, the output is*
* Authentication FAILED against cdppl (Unable to validate
credentials at the moment)*
*Did not match against cdppl*
*Did not match against cdppl*
Hope to hear from you, thank you !
Ok so what you will have to do:
Create 2 portal profiles:
One for wire 802.1x (name wire-secure):
Filter: Connection type => Ethernet-EAP
Authentication source => AD
...
one for mac-auth (name wire-open):
Filter: Connection Type => WIRED_MAC_AUTH
Authentication source => Local
...
So if your connection is 802.1x then it will use the
wire-secure portal with AD source and if your connection is
mac-auth it will use the wire-open portal with local source
(Local is the person tab in packetfence).
Next you have to autoregister wire 802.1x connection, so you
will use vlan filters.
Let's create vlan_filters rules:
[EthernetEAP]
filter = connection_type
operator = is
value = Ethernet-EAP
[5:EthernetEAP&EAPTLS]
scope = AutoRegister
role = default
I hope it will help.
Also update to pf 5.6.1
Regards
Fabrice
Regards,
Reeyon
On Mon, Jan 25, 2016 at 10:08 PM, Ludovic Zammit
<[email protected] <mailto:[email protected]>> wrote:
Hi Reeyon,
For the radius debug try : raddebug -f
/usr/local/pf/var/run/radiusd.sock -t 3600
Are you trying to do a 802.1x authentication ?
Make sure that :
- Your user exists on the local/external source
- That you put the correct source on your portal profile
(try to create one with your SSID/ Switch IP)
- Use bin/pftest authentication username password to see
which source you match
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> ::+1.514.447.4918
<tel:%2B1.514.447.4918> (x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
On 24 Jan 2016 at 21:05, Reeyon Lim
<[email protected] <mailto:[email protected]>> wrote:
Hi All,
I have successfully setup a lab using ZEN 5.5 version
on ESXi. Everything is working fine such as VLAN
enforcement and the captive portal page for registration.
I followed the
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.6.0.pdf
manual guide, when the landing page pop up and I key in
the default "demouser/demouser", it shows unable to
validate credentials at the moment.
So, going in to shell and run radiusd -X -d
/usr/local/pf/raddb/
The output at the last two lines is:
/radiusd: #### Opening IP addresses and Ports ####/
/The server is not configured to listen on any ports.
Cannot start./
I run radtest command and it didn't work as well
Please help!
Regards,
Reeyon
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into
Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just
$35/Month
Monitor end-to-end web transactions and take corrective
actions now
Troubleshoot faster and improve end-user experience.
Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] <mailto:[email protected]> ::+1.514.447.4918
<tel:%2B1.514.447.4918> *130 ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) and
PacketFence (www.packetfence.org <http://www.packetfence.org>)
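The symptom reported in this thread (a successful dot1x authentication followed by assignment to the registration VLAN) can be spotted in switch logs by correlating events on AuditSessionID. The following is an added example, not part of the original messages or of PacketFence; the function name is hypothetical, the log lines are constructed single-line versions modelled on the log quoted above, and VLAN 2 as the registration VLAN is taken from the thread.

```python
import re

REGISTRATION_VLAN = 2  # registration VLAN named in the thread

# Constructed sample: the first session mirrors the log quoted in the thread
# (unwrapped to one event per line); the other two sessions are invented.
SAMPLE_LOG = """\
.Jan 26 09:22:54.696 SG: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (d4be.d939.37c6) on Interface Gi0/33 AuditSessionID 0AB876FB0000007714341E60
.Jan 26 09:22:54.705 SG: %AUTHMGR-5-VLANASSIGN: VLAN 2 assigned to Interface Gi0/33 AuditSessionID 0AB876FB0000007714341E60
.Jan 26 09:25:10.101 SG: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0011.2233.4455) on Interface Gi0/34 AuditSessionID 0AB876FB0000007814342F11
.Jan 26 09:25:10.110 SG: %AUTHMGR-5-VLANASSIGN: VLAN 2 assigned to Interface Gi0/34 AuditSessionID 0AB876FB0000007814342F11
.Jan 26 09:30:02.300 SG: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (0011.2233.6677) on Interface Gi0/35 AuditSessionID 0AB876FB0000007914343A22
.Jan 26 09:30:02.310 SG: %AUTHMGR-5-VLANASSIGN: VLAN 118 assigned to Interface Gi0/35 AuditSessionID 0AB876FB0000007914343A22
"""

RESULT_RE = re.compile(
    r"%AUTHMGR-7-RESULT: Authentication result '(?P<result>\w+)' from "
    r"'(?P<method>\w+)' for client \((?P<mac>[0-9a-f.]+)\) on Interface "
    r"(?P<ifname>\S+) AuditSessionID (?P<sid>[0-9A-F]+)")
VLAN_RE = re.compile(
    r"%AUTHMGR-5-VLANASSIGN: VLAN (?P<vlan>\d+) assigned to Interface "
    r"\S+ AuditSessionID (?P<sid>[0-9A-F]+)")


def find_unregistered_dot1x(log_text, registration_vlan=REGISTRATION_VLAN):
    """Return (mac, interface, session id) for every session that passed
    dot1x but was still placed in the registration VLAN."""
    results, vlans = {}, {}
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if m:
            results[m["sid"]] = m.groupdict()
            continue
        m = VLAN_RE.search(line)
        if m:
            vlans[m["sid"]] = int(m["vlan"])  # last assignment wins
    findings = []
    for sid, r in results.items():
        # MAB clients landing in registration is the intended guest path,
        # so only successful dot1x sessions are reported.
        if (r["method"] == "dot1x" and r["result"] == "success"
                and vlans.get(sid) == registration_vlan):
            findings.append((r["mac"], r["ifname"], sid))
    return findings


if __name__ == "__main__":
    for mac, ifname, sid in find_unregistered_dot1x(SAMPLE_LOG):
        print(f"{mac} on {ifname} passed dot1x but got VLAN {REGISTRATION_VLAN} ({sid})")
```
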