Thanks Fabrice, that is what I needed to know. Adam
-----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, 2 May 2017 10:29 PM To: [email protected] Subject: PacketFence-users Digest, Vol 109, Issue 5 Send PacketFence-users mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/packetfence-users or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of PacketFence-users digest..." Today's Topics: 1. Re: Captive portal SSL not using defined cert after PF7 upgrade (Virginie Girou) 2. status page and "your network should be enable ..." message (Virginie Girou) 3. Re: Support for Cisco libraries (Fabrice Durand) ---------------------------------------------------------------------- Message: 1 Date: Tue, 02 May 2017 10:26:50 +0200 From: Virginie Girou <[email protected]> Subject: Re: [PacketFence-users] Captive portal SSL not using defined cert after PF7 upgrade To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Hello, thank you it works now ! Virginie Girou Equipe systeme DSI - UT1 Capitole Tel : +33 (0)5.61.63.39.19 Le 28/04/2017 23:53, Sokolowski, Darryl a ?crit : > > Fantastic! > > We?re up and running! > > Thanks again to all for your help! > > Darryl > > *From:*Louis Munro [mailto:[email protected]] > *Sent:* Friday, April 28, 2017 5:46 PM > *To:* [email protected] > *Subject:* Re: [PacketFence-users] Captive portal SSL not using > defined cert after PF7 upgrade > > On Apr 28, 2017, at 5:25 PM, Sokolowski, Darryl > <[email protected] <mailto:[email protected]>> wrote: > > Oh, ok, now I understand what Fabrice meant about haproxy > terminating the ssl tunnel. Thanks for that explanation. > > Sorry, I didn?t pick that up right away. > > I changed var/conf/haproxy.conf to point at my certificates, and > every time I restart the service, it rewrites haproxy.conf file > back to using server.pem. > > That's the expected behaviour. > > That file is actually generated based on your configuration, every > time your start the service. > > > > So reading your response again, it sounds like my concatenated > certificate might need to be named ?server.pem?. > > If I rename my certificate to ?server.pem?, it works as desired. > > Is that the way to do it? Or am I still off-base? > > That's the way to go. > > > > ?server.pem? won?t get overwritten by an ugrade? > > This is what the packetfence.spec file does: > > #Make ssl certificate > if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then > openssl req -x509 -new -nodes -days 365 -batch\ > -out /usr/local/pf/conf/ssl/server.crt\ > -keyout /usr/local/pf/conf/ssl/server.key\ > -nodes -config /usr/local/pf/conf/openssl.cnf > cat /usr/local/pf/conf/ssl/server.crt > /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem > fi > > So as long as you have a file named > "/usr/local/pf/conf/ssl/server.crt" it won't overwrite the server.pem. > > > > I agree that this should be configurable. > > I'm adding it to the whishlist for 7.1 or 7.2. > > Regards, > -- > > Louis Munro > [email protected] <mailto:[email protected]> :: www.inverse.ca > <http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > > > > ---------------------------------------------------------------------- > -- > > >>> CONFIDENTIALITY NOTICE <<< > > This electronic mail (e-mail) message, including any and/or all > attachments, is for the sole use of the intended recipient(s), and may > contain confidential and/or privileged information, pertaining to > business conducted under the direction and supervision of EarthColor, > Inc. All e-mail messages, which may have been established as expressed > views and/or opinions (stated either within the e-mail message or any > of its attachments), are left to the sole responsibility of that of > the sender, and are not necessarily attributed to EarthColor, Inc. > Unauthorized interception, review, use, disclosure or distribution of > any such information contained within this e-mail message and/or its > attachment(s), is(are) strictly prohibited. If you are not the > intended recipient, please contact the sender by replying to this > e-mail message, along with the destruction of all copies of the > original e-mail message (along with any attachments). > !DSPAM:67760,5903cfd8169611367415823! > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > !DSPAM:67760,5903cfd8169611367415823! > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > !DSPAM:67760,5903cfd8169611367415823! -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 2 Date: Tue, 02 May 2017 10:47:00 +0200 From: Virginie Girou <[email protected]> Subject: [PacketFence-users] status page and "your network should be enable ..." message To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" Hello, I have the following error when I try to contact the status page through captive portal : "Your network should be enabled within a minute or two. If it is not reboot your computer." All other Internet pages work well. I don't understand this behavior. Do you have any idea ? Thank you for all. -- Virginie Girou Equipe systeme DSI - UT1 Capitole Tel : +33 (0)5.61.63.39.19 -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 3 Date: Tue, 2 May 2017 08:58:26 -0400 From: Fabrice Durand <[email protected]> Subject: Re: [PacketFence-users] Support for Cisco libraries To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Hello Adam, the freeradius version installed with PacketFence already have this dictionary. If you want to use theses attributes then you can use the radius filter in order to add them in the reply. Regards Fabrice Le 2017-05-02 ? 00:46, Adam Coyle a ?crit : > > Hello > > > > Checking to see if the below is supported now (or soon) within > Packetfence. > > > > This is from the Cisco website: > http://www.cisco.com/c/en/us/support/docs/wireless/4100-series-wireless-lan-controllers/96103-wlc-attributes.html > > *Cisco Airespace VSAs on Free Radius Sever *** > > The Airespace dictionary file for the Free RADIUS server is available > in the installation directory under the directory name *Share*. The > filename is dictionary.airespace. > > *Note: *The dictionary file might be different for earlier versions. > The examples given in this document are from Free RADIUS version 1.1.6. > > # -*- text -*- > > # > > # As found on the net. > > # > > # $Id: dictionary.airespace,v 1.3.2.1 2005/11/30 22:17:19 aland > Exp $ > > # > > VENDOR Airespace 14179 > > > > BEGIN-VENDOR Airespace > > ATTRIBUTE Airespace-Wlan-Id 1 integer > > ATTRIBUTE Airespace-QOS-Level 2 integer > > ATTRIBUTE Airespace-DSCP 3 integer > > ATTRIBUTE Airespace-8021p-Tag 4 integer > > ATTRIBUTE Airespace-Interface-Name 5 string > > ATTRIBUTE Airespace-ACL-Name 6 string > > > > VALUE Airespace-QOS-Level Bronze 3 > > VALUE Airespace-QOS-Level Silver 0 > > VALUE Airespace-QOS-Level Gold 1 > > VALUE Airespace-QOS-Level Platinum 2 > > > > We are in an environment where there is a single SSID and VLANs are > assigned via radius. We also use AppleTVs and streaming from devices > is poor (especially from Macbooks) unless we select Platinum quality > level. Currently we use NPS to achieve this but we?re lacking Guest > management. It is preferable not to have multiple SSIDs. > > > > This may not be an ?out-of-the-box? solution, but would consider > customisation as well. > > > > Thanks > > > > Adam > > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users End of PacketFence-users Digest, Vol 109, Issue 5 ************************************************* -------------------------------Safe Stamp----------------------------------- Your Anti-virus Service scanned this email. It is safe from known viruses. For more information regarding this service, please contact your service provider. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
