Yes I have it, if I use the account to do a remote wmi on Windows pc, it works..but packetfence cannot trigger any scan on Captive Portal .. also when I do wmic manually from the Packetfence server, it shows "Memory allocation error"..
On Thu, Aug 1, 2019, 8:09 PM Fabrice Durand via PacketFence-users < [email protected]> wrote: > Hello Zairy, > > you need to have an account that able to connect to wmi on the remote > laptop, so it's probably a local account. > > Regards > > Fabrice > > > Le 19-07-31 à 23 h 24, Zairy Fajar via PacketFence-users a écrit : > > Ok i understand, but how do I configure WMI scan engine to scan only one > host which is not in the AD domain? ( It's only in the default WORKGROUP) > I can't get the scan to work, the packetfence.log doesn't show anything > about scan > > On Thu, Jul 18, 2019, 7:58 PM Fabrice Durand via PacketFence-users < > [email protected]> wrote: > >> It depend how you configure your violation. >> >> >> Le 19-07-18 à 05 h 33, Chadwick Boseman via PacketFence-users a écrit : >> >> Hi Fabrice, >> Thanks a lot for ur answer, really helpful! >> >> One more thing I wanna ask is, if I do as you said >> >> *"You need to create a wmi scan engine and add it in the connection >> profile."* >> >> When the client device triggers a violation, will it be automatically >> moved to the isolation VLAN >> >> >> On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via PacketFence-users < >> [email protected]> wrote: >> >>> Hello Chadwick, >>> Le 19-07-16 à 04 h 59, Chadwick Boseman via PacketFence-users a écrit : >>> >>> Hi All, >>> So I have a PF Zen up and running, >>> >>> I have some questions regarding my understanding of VLAN membership in >>> PF: >>> 1. When a new device (never connect / never register before) is >>> connected to the switch, it will be put into the registration VLAN. And >>> after they register their device from the captive portal it will be moved >>> to guest VLAN automatically. Is this correct?? if not, please explain to me >>> >>> In fact the vlan you want. >>> >>> 2. after the device's MAC is registered in the PF server, does the user >>> have to manually enable the 802.1x auth from their ethernet adapter? or can >>> PF actually automatically change the VLAN to default/normal VLAN and >>> activate the 802.1x auth? >>> >>> The supplicant needs to be configured if you wants to do 802.1x, you can >>> do it by GPO if you have a domain. >>> >>> Also you can do provisioning with packetfence but only for wireless >>> right now. >>> >>> >>> i followed the pf installation guide , the captive portal is configured >>> to the bare minimum where the user just need to agree to some policy, and >>> the device then registered. My VLANs are as follow : >>> Guest : VLAN 640 >>> Registration : VLAN 640 >>> Normal/default : VLAN 625 >>> Isolation : VLAN 641 >>> >>> The guest and registration VLANs are the same because the installation >>> guide said >>> *"in Role by VLAN ID, set the registration and guest VLAN ID to 20 - >>> this will ensure unregistered clients are initially put in VLAN 20 and >>> avoid a VLAN change once they properly authenticate from the captive >>> portal"* >>> >>> *It's for web authentication, not for vlan enforcement, so the >>> registration vlan needs to be different than the guest vlan.* >>> >>> >>> I want something more to do on the captive portal, so I configured a WMI >>> scan so when a client register their device on the captive portal, WMI >>> checks whether they have an Antivirus installed or not.. >>> I want that if the device doesn't have an AV installed, it is moved to >>> the isolation VLAN (That's the correct behavior right?) so how do I achieve >>> this? >>> >>> You need to create a wmi scan engine and add it in the connection >>> profile. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> >>> Thanks a lot guys..I'll really appreciate any explanation/answer >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> -- >>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
