Hello Fabrice,
The cli is running ok as screenshot below
[image: Inline image 1]
Then, it is endless loop.
Regards,
Reeyon
On Wed, Jan 27, 2016 at 10:48 AM, Durand fabrice <[email protected]> wrote:
> Hello Reeyon,
>
> from the cli are you able to do ?:
> wget https://fingerbank.inverse.ca/api/v1/download?key=my_api_key (where
> my_api_key is your api key)
>
> Regards
> Fabrice
>
>
> Le 2016-01-26 21:41, Reeyon Lim a écrit :
>
> Hello Antoine,
>
> the /usr/local/fingerbank/conf/fingerbank-p0f.fp looks good.
> I have run command: pfcmd fixpermissions, and
> I have run command: chown -R fingerbank:fingerbank /usr/local/fingerbank/*
>
> Result still no good :-(
>
> Regards,
> Reeyon
>
> On Tue, Jan 26, 2016 at 9:54 PM, Antoine Amacher <[email protected]>
> wrote:
>
>> Hello Reeyon,
>>
>> For the issue with fingerbank, you can start by checking the rights and
>> content of the p0f file, which is under
>> /usr/local/fingerbank/conf/fingerbank-p0f.fp, it should be
>> fingerbank:fingerbank as owner.
>> Can you open the file to confirm that the content looks like that(with a
>> lot more lines!):
>>
>> classes = win,unix,other
>> [tcp:request]
>> label = s:unix:5:nil
>> sig = *:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0
>> sig = *:64:0:*:mss*20,7:mss,sok,ts,nop,ws:df,id+:0
>> label = s:unix:5:nil
>>
>> If the rights are not correct, try the following:
>> bin/pfcmd fixpermissions (from /usr/loca/pf directory)
>> chown fingerbank:fingerbank /usr/local/fingerbank/conf/*
>>
>> Thank you.
>>
>>
>> On 01/26/2016 12:59 AM, Reeyon Lim wrote:
>>
>> Hi Fabrice,
>>
>> Updated to version 5.6.1.
>>
>> Your guide is working. In my case, I have to edit the following in
>> vlan_filters.conf to make it work:
>>
>> [EthernetEAP]
>> filter = connection_type
>> operator = is
>> value = Ethernet-EAP
>>
>> [reg:EthernetEAP]
>> scope = AutoRegister
>> role = default
>>
>> It is working and serve my purpose perfectly :)
>>
>> ---------------------------------
>>
>> New problem arise:
>> Fingerbank p0f map update failed on web gui, error shown: *Error!* An
>> error occured while updating file
>> '/usr/local/fingerbank/conf/fingerbank-p0f.fp'
>> Update Fingerbank DB failed as well, I got the email says that "*An
>> error occured while updating file
>> '/usr/local/fingerbank/db/fingerbank_Upstream.db'"*
>> Thank you.
>>
>> Regards,
>> Reeyon
>>
>> On Tue, Jan 26, 2016 at 9:55 AM, Durand fabrice < <[email protected]>
>> [email protected]> wrote:
>>
>>> Hi Reeyon,
>>>
>>> with the command: "raddebug -f /usr/local/pf/var/run/radiusd.sock -t
>>> 3600" you will see what happen with the authentication process.
>>> If you want to use -X then use this command:
>>> /usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X
>>>
>>>
>>> Le 2016-01-25 20:27, Reeyon Lim a écrit :
>>>
>>> Hi Ludovic,
>>> For the radius debug try : raddebug -f
>>> /usr/local/pf/var/run/radiusd.sock -t 3600
>>> *Ans: Where can I look for upon the above command? If i run "radiusd -X
>>> -d /usr/local/pf/raddb, I got the error for the last two lines*
>>> * radiusd: #### Opening IP addresses and Ports #### The server is not
>>> configured to listen on any ports. Cannot start. *
>>>
>>> Are you trying to do a 802.1x authentication ?
>>> *Ans: Yes, I would like to do a wired 802.1x, and captive portal login
>>> as failover. For example, if domain PC connected to the network, they will
>>> authenticate against AD, otherwise it will pop up the captive portal page.
>>> Guest will need to input the username/password which stored in
>>> /usr/local/pf/raddb/users file. (in this case for example, by default is
>>> "demouser/demouser")*
>>>
>>> So you want to do autoreg on 802.1x and mac auth for guest access but
>>> instead of using /usr/local/pf/raddb/users for guest create a local user.
>>>
>>>
>>> *New problem arise:*
>>> *My wired 802.1x authentication against AD is successful, however PF
>>> will never assign the port to default vlan(118), but instead assign to
>>> Registration Vlan(2)*
>>> Below is my switchport configuration from Cisco
>>> interface GigabitEthernet0/33
>>> switchport access vlan 118
>>> switchport mode access
>>> authentication order dot1x mab
>>> authentication priority dot1x mab
>>> authentication port-control auto
>>> authentication periodic
>>> authentication timer restart 10800
>>> authentication timer reauthenticate 10800
>>> mab
>>> no snmp trap link-status
>>> dot1x pae authenticator
>>> dot1x timeout quiet-period 2
>>> dot1x timeout tx-period 3
>>> spanning-tree portfast
>>> end
>>>
>>> *Switch log:*
>>> .Jan 26 09:22:54.696 SG: %DOT1X-5-SUCCESS: Authentication successful for
>>> client (d4be.d939.37c6) on Interface Gi0/33 AuditSessionID
>>> .Jan 26 09:22:54.696 SG: %AUTHMGR-7-RESULT: Authentication result
>>> 'success' from 'dot1x' for client (d4be.d939.37c6) on Interface Gi0/33
>>> AuditSessionID 0AB876FB0000007714341E60
>>> .Jan 26 09:22:54.705 SG: %AUTHMGR-5-VLANASSIGN: VLAN 2 assigned to
>>> Interface Gi0/33 AuditSessionID 0AB876FB0000007714341E60
>>> .Jan 26 09:22:55.753 SG: %AUTHMGR-5-SUCCESS: Authorization succeeded for
>>> client (d4be.d939.37c6) on Interface Gi0/33 AuditSessionID
>>> 0AB876FB0000007714341E60
>>>
>>> Make sure that :
>>>
>>> - Your user exist on the local/external source --* I have included
>>> Radius for Internal, because the method I use is Radius*
>>>
>>> Wrong, don't use packetfence itself as a authentication source.
>>>
>>> - That you put the correct source on your portal profile (try ton create
>>> one with your SSID/ Switch IP) - *Done*
>>> - Use bin/pftest authentication username password to see which source
>>> you match -
>>> *Ans: the command i run: pftest authenticate demouser demouser cdppl,
>>> the output is*
>>> * Authentication FAILED against cdppl (Unable to validate credentials at
>>> the moment)*
>>> * Did not match against cdppl*
>>> * Did not match against cdppl*
>>>
>>> Hope to hear from you, thank you !
>>>
>>>
>>> Ok so what you will have to do:
>>> Create 2 portal profiles:
>>>
>>> One for wire 802.1x (name wire-secure):
>>> Filter: Connection type => Ethernet-EAP
>>> Authentication source => AD
>>> ...
>>>
>>> one for mac-auth (name wire-open):
>>> Filter: Connection Type => WIRED_MAC_AUTH
>>> Authentication source => Local
>>> ...
>>>
>>> So if your connection is 802.1x then it will use the wire-secure portal
>>> with AD source and if your connection is mac-auth it will use the wire-open
>>> portal with local source (Local is the person tab in packetfence).
>>>
>>> Next you have to autoregister wire 802.1x connection, so you will use
>>> vlan filters.
>>> Let's create vlan_filters rules:
>>>
>>> [EthernetEAP]
>>> filter = connection_type
>>> operator = is
>>> value = Ethernet-EAP
>>>
>>> [5:EthernetEAP&EAPTLS]
>>> scope = AutoRegister
>>> role = default
>>>
>>>
>>> I hope it will help.
>>> Also update to pf 5.6.1
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Regards,
>>> Reeyon
>>>
>>> On Mon, Jan 25, 2016 at 10:08 PM, Ludovic Zammit < <[email protected]>
>>> [email protected]> wrote:
>>>
>>>> Hi Reeyon,
>>>>
>>>> For the radius debug try : raddebug -f
>>>> /usr/local/pf/var/run/radiusd.sock -t 3600
>>>>
>>>> Are you trying to do a 802.1x authentication ?
>>>>
>>>> Make sure that :
>>>>
>>>> - Your user exist on the local/external source
>>>> - That you put the correct source on your portal profile (try ton
>>>> create one with your SSID/ Switch IP)
>>>> - Use bin/pftest authentication username password to see which source
>>>> you match
>>>>
>>>> Thanks,
>>>>
>>>> Ludovic [email protected] <[email protected]> :: +1.514.447.4918
>>>> (x145) :: www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>> (http://packetfence.org)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Le 24 janv. 2016 à 21:05, Reeyon Lim < <[email protected]>
>>>> [email protected]> a écrit :
>>>>
>>>> Hi All,
>>>>
>>>> I have successfully setup a lab using ZEN 5.5 version on ESXi.
>>>> Everything is working fine such as VLAN enforcement and the captive portal
>>>> page for registration.
>>>> I did followed
>>>> <http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.6.0.pdf>
>>>> http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.6.0.pdf
>>>> manual guide, when the landing page pop up and I key in the default
>>>> "demouser/demouser", it shows unable to validate credentials at the moment.
>>>>
>>>> So, going in to shell and run radiusd -X -d /usr/local/pf/raddb/
>>>> The output at the last two line is:
>>>>
>>>> *radiusd: #### Opening IP addresses and Ports ####*
>>>> *The server is not configured to listen on any ports. Cannot start.*
>>>>
>>>> I run radtest command and it didn't work as well
>>>> Please help!
>>>>
>>>> Regards,
>>>> Reeyon
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>
>>>> <http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140_______________________________________________>
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140_______________________________________________
>>>> PacketFence-users mailing list
>>>> <[email protected]>
>>>> [email protected]
>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup
>>> Now!http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup
>> Now!http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Antoine [email protected] :: +1.514.447.4918 *130 ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup
> Now!http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
