Hello, Show me your conf/pf.conf
Remove the passwords. Thanks. Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Nov 12, 2020, at 6:21 AM, Abdoul Raouf Diabagate <abdoulrao...@gmail.com> > wrote: > > after some testing, I have the impression that the error is due to iptables. > because when I open my browser it displays this > <image.png> > > but when I restart the iptables service, the captive portal page displays > correctly > <image.png> > > please who has any idea? I have to restart iptables on each connection > > Le mer. 11 nov. 2020 à 13:23, Abdoul Raouf Diabagate <abdoulrao...@gmail.com > <mailto:abdoulrao...@gmail.com>> a écrit : > i want to use webauth for computers that don't have 8021x supplicant. > currently I have the impression that everything is working correctly. however > when I connect a computer that does not have an 8021x supplicant it moves > into the registration vlan and it gets an IP address. when i try to launch a > web page normally i should see the packetfence captive portal but nothing is > displayed and an error message telling me that my packetfence server took too > long to respond. > > what is weird is that when I put a switch port in the registration vlan > switchport access mode switchport access vlan 120 where 120 is my > registration vlan. when I connect a computer it receives an IP address and > the captive portal is displayed correctly what is the problem in your opinion > > > > Le mer. 11 nov. 2020 à 13:10, Ludovic Zammit <lzam...@inverse.ca > <mailto:lzam...@inverse.ca>> a écrit : > Hello, > > Do you want to do Web Auth or VLAN enforcement for the portal ? You can’t do > both. > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > >> On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via PacketFence-users >> <packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >> > > >> I just installed packetfence version 10.2 ZEN. after following the setup >> guide i want to do my first test. the test with the 8021X supplicant works >> and the customer is dynamically registered in the correct vlan >> >> However when I want to test the captive portal, I plug a windows computer >> into one of the switch ports. after a few minutes, the computer is placed in >> my registration vlan and receives a dynamically ip address from packetfence. >> and I am redirected to the address >> http://192.168.222.129/Cisco::Catalyst_2960/sidceab07 >> <http://192.168.222.129/Cisco::Catalyst_2960/sidceab07>. >> after a few minutes of waiting, the browser displays 'waiting time exceeded' >> >> However when I move a port of the switch manually in the registration vlan, >> and I plug in a computer, the portal page automatically displays >> >> Any ideas? >> >> [switch port conf] >> interface FastEthernet0/12 >> switchport mode access >> authentication order dot1x mab >> authentication priority dot1x mab >> authentication port-control auto >> authentication periodic >> authentication timer restart 10800 >> authentication timer reauthenticate 7200 >> authentication violation replace >> mab >> no snmp trap link-status >> dot1x pae authenticator >> dot1x timeout quiet-period 2 >> dot1x timeout tx-period 3 >> >> [Packetfence LOG] >> >> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: >> [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip => >> (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac => >> (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username => >> "b06ebfab3afe" (pf::radius::authorize) >> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: >> [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP >> (pf::Connection::ProfileFactory::_from_profile) >> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: >> [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration VLAN >> (pf::role::getRegistrationRole) >> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: >> [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the returned >> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: >> [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to the >> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: >> [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to reply using >> role: 'registration' and URL: >> 'http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a >> <http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a>' >> (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) >> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using 300 >> resolution threshold (pf::pfcron::task::cluster_check::run) >> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 >> security_events during security_event maintenance (1605013256.13453 >> 1605013256.14244) (pf::security_event::security_event_maintenance) >> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All cluster >> members are running the same configuration version >> (pf::pfcron::task::cluster_check::run) >> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 >> security_events during security_event maintenance (1605013256.1439 >> 1605013256.14699) (pf::security_event::security_event_maintenance) >> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting >> security_events triggers for accounting cleanup >> (pf::accounting::acct_maintenance) >> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN: >> [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103' >> (pf::ip4log::ip2mac) >> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO: >> [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103) >> are different for b0:6e:bf:ab:3a:fe - closing ip4log entry >> (pf::api::update_ip4log) >> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: >> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device >> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. >> (pf::accounting_events_history::latest_mac_history) >> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: >> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device >> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. >> (pf::accounting_events_history::latest_mac_history) >> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting >> security_events triggers for accounting cleanup >> (pf::accounting::acct_maintenance) >> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed 0 >> security_events during security_event maintenance (1605013316.14234 >> 1605013316.1507) (pf::security_event::security_event_maintenance) >> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed 0 >> security_events during security_event maintenance (1605013316.15212 >> 1605013316.15555) (pf::security_event::security_event_maintenance) >> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using 300 >> resolution threshold (pf::pfcron::task::cluster_check::run) >> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All cluster >> members are running the same configuration version >> (pf::pfcron::task::cluster_check::run) >> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 >> security_events during security_event maintenance (1605013376.14526 >> 1605013376.1536) (pf::security_event::security_event_maintenance) >> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using 300 >> resolution threshold (pf::pfcron::task::cluster_check::run) >> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All cluster >> members are running the same configuration version >> (pf::pfcron::task::cluster_check::run) >> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 >> security_events during security_event maintenance (1605013376.15512 >> 1605013376.16199) (pf::security_event::security_event_maintenance) >> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting >> security_events triggers for accounting cleanup >> (pf::accounting::acct_maintenance) >> Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000 >> lvl=info msg="No Inline Network bypass ipsets reload" pid=16318 >> >> > >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> <mailto:PacketFence-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users