Hello,

Show me your conf/pf.conf

Remove the passwords.

Thanks.

Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) 
and PacketFence (http://packetfence.org <http://packetfence.org/>) 




> On Nov 12, 2020, at 6:21 AM, Abdoul Raouf Diabagate <abdoulrao...@gmail.com> 
> wrote:
> 
> after some testing, I have the impression that the error is due to iptables. 
> because when I open my browser it displays this
> <image.png>
> 
> but when I restart the iptables service, the captive portal page displays 
> correctly
> <image.png>
> 
> please who has any idea? I have to restart iptables on each connection
> 
> Le mer. 11 nov. 2020 à 13:23, Abdoul Raouf Diabagate <abdoulrao...@gmail.com 
> <mailto:abdoulrao...@gmail.com>> a écrit :
> i want to use webauth for computers that don't have 8021x supplicant. 
> currently I have the impression that everything is working correctly. however 
> when I connect a computer that does not have an 8021x supplicant it moves 
> into the registration vlan and it gets an IP address. when i try to launch a 
> web page normally i should see the packetfence captive portal but nothing is 
> displayed and an error message telling me that my packetfence server took too 
> long to respond.
> 
> what is weird is that when I put a switch port in the registration vlan 
> switchport access mode switchport access vlan 120 where 120 is my 
> registration vlan. when I connect a computer it receives an IP address and 
> the captive portal is displayed correctly what is the problem in your opinion
> 
> 
> 
> Le mer. 11 nov. 2020 à 13:10, Ludovic Zammit <lzam...@inverse.ca 
> <mailto:lzam...@inverse.ca>> a écrit :
> Hello,
> 
> Do you want to do Web Auth or VLAN enforcement for the portal ? You can’t do 
> both.
> 
> Thanks,
> 
> Ludovic Zammit
> lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
> www.inverse.ca <http://www.inverse.ca/>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org 
> <http://packetfence.org/>) 
> 
> 
> 
> 
> 
>> On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via PacketFence-users 
>> <packetfence-users@lists.sourceforge.net 
>> <mailto:packetfence-users@lists.sourceforge.net>> wrote:
>> 
> 
> 
>> I just installed packetfence version 10.2 ZEN. after following the setup 
>> guide i want to do my first test. the test with the 8021X supplicant works 
>> and the customer is dynamically registered in the correct vlan
>> 
>> However when I want to test the captive portal, I plug a windows computer 
>> into one of the switch ports. after a few minutes, the computer is placed in 
>> my registration vlan and receives a dynamically ip address from packetfence. 
>> and I am redirected to the address 
>> http://192.168.222.129/Cisco::Catalyst_2960/sidceab07 
>> <http://192.168.222.129/Cisco::Catalyst_2960/sidceab07>.
>> after a few minutes of waiting, the browser displays 'waiting time exceeded'
>> 
>> However when I move a port of the switch manually in the registration vlan, 
>> and I plug in a computer, the portal page automatically displays
>> 
>> Any ideas?
>> 
>> [switch port conf]
>> interface FastEthernet0/12
>>  switchport mode access
>>  authentication order dot1x mab
>>  authentication priority dot1x mab
>>  authentication port-control auto
>>  authentication periodic
>>  authentication timer restart 10800
>>  authentication timer reauthenticate 7200
>>  authentication violation replace
>>  mab
>>  no snmp trap link-status
>>  dot1x pae authenticator
>>  dot1x timeout quiet-period 2
>>  dot1x timeout tx-period 3
>> 
>> [Packetfence LOG]
>> 
>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip => 
>> (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac => 
>> (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username => 
>> "b06ebfab3afe" (pf::radius::authorize)
>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP 
>> (pf::Connection::ProfileFactory::_from_profile)
>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration VLAN 
>> (pf::role::getRegistrationRole)
>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the returned 
>> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to the 
>> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to reply using 
>> role: 'registration' and URL: 
>> 'http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a 
>> <http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a>' 
>> (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using 300 
>> resolution threshold (pf::pfcron::task::cluster_check::run)
>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 
>> security_events during security_event maintenance (1605013256.13453 
>> 1605013256.14244)  (pf::security_event::security_event_maintenance)
>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All cluster 
>> members are running the same configuration version 
>> (pf::pfcron::task::cluster_check::run)
>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 
>> security_events during security_event maintenance (1605013256.1439 
>> 1605013256.14699)  (pf::security_event::security_event_maintenance)
>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting 
>> security_events triggers for accounting cleanup 
>> (pf::accounting::acct_maintenance)
>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN: 
>> [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103' 
>> (pf::ip4log::ip2mac)
>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO: 
>> [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103) 
>> are different for b0:6e:bf:ab:3a:fe - closing ip4log entry 
>> (pf::api::update_ip4log)
>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: 
>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device 
>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. 
>> (pf::accounting_events_history::latest_mac_history)
>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: 
>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device 
>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. 
>> (pf::accounting_events_history::latest_mac_history)
>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting 
>> security_events triggers for accounting cleanup 
>> (pf::accounting::acct_maintenance)
>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed 0 
>> security_events during security_event maintenance (1605013316.14234 
>> 1605013316.1507)  (pf::security_event::security_event_maintenance)
>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed 0 
>> security_events during security_event maintenance (1605013316.15212 
>> 1605013316.15555)  (pf::security_event::security_event_maintenance)
>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using 300 
>> resolution threshold (pf::pfcron::task::cluster_check::run)
>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All cluster 
>> members are running the same configuration version 
>> (pf::pfcron::task::cluster_check::run)
>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 
>> security_events during security_event maintenance (1605013376.14526 
>> 1605013376.1536)  (pf::security_event::security_event_maintenance)
>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using 300 
>> resolution threshold (pf::pfcron::task::cluster_check::run)
>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All cluster 
>> members are running the same configuration version 
>> (pf::pfcron::task::cluster_check::run)
>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 
>> security_events during security_event maintenance (1605013376.15512 
>> 1605013376.16199)  (pf::security_event::security_event_maintenance)
>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting 
>> security_events triggers for accounting cleanup 
>> (pf::accounting::acct_maintenance)
>> Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000 
>> lvl=info msg="No Inline Network bypass ipsets reload" pid=16318
>> 
>> 
> 
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> <mailto:PacketFence-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
> 

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to