Hello here is my conf/pf.conf file # Copyright (C) Inverse inc. [general] # # general.domain # # Domain name of PacketFence system. domain=xxxxxxxxxxxxx.com # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=mlnac # # general.timezone # # System's timezone in string format. List generated from Perl library DateTime::TimeZone # When left empty, it will use the timezone of the server timezone=Africa/Abidjan
[alerting] # # alerting.emailaddr # # Comma-delimited list of email addresses to which notifications of rogue DHCP servers, security_events with an action of "email", or any other # PacketFence-related message goes to. emailaddr=abdoul.diabag...@xxxxxxxxxxx.net [database] # # database.pass # # Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration. pass=xxxxxxxxxxx [advanced] # advanced.configurator # # Enable the Configurator and the Configurator API configurator=disabled [interface eth0] ip=192.168.222.129 type=management,portal mask=255.255.255.0 [interface eth1.110] enforcement=vlan ip=192.168.110.1 type=internal mask=255.255.255.0 [interface eth1.120] enforcement=vlan ip=192.168.120.1 type=internal mask=255.255.255.0 [interface eth1.216] type=other mask=255.255.255.0 [interface eth1.218] type=other mask=255.255.255.0 [interface eth1.219] type=other mask=255.255.255.0 [interface eth1.220] type=other mask=255.255.255.0 [interface eth1.222] type=other mask=255.255.255.0 Le jeu. 12 nov. 2020 à 13:12, Ludovic Zammit <lzam...@inverse.ca> a écrit : > Hello, > > Show me your conf/pf.conf > > Remove the passwords. > > Thanks. > > > Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > On Nov 12, 2020, at 6:21 AM, Abdoul Raouf Diabagate < > abdoulrao...@gmail.com> wrote: > > after some testing, I have the impression that the error is due to > iptables. because when I open my browser it displays this > <image.png> > > but when I restart the iptables service, the captive portal page displays > correctly > <image.png> > > please who has any idea? I have to restart iptables on each connection > > Le mer. 11 nov. 2020 à 13:23, Abdoul Raouf Diabagate < > abdoulrao...@gmail.com> a écrit : > >> i want to use webauth for computers that don't have 8021x supplicant. >> currently I have the impression that everything is working correctly. >> however when I connect a computer that does not have an 8021x supplicant it >> moves into the registration vlan and it gets an IP address. when i try to >> launch a web page normally i should see the packetfence captive portal but >> nothing is displayed and an error message telling me that my packetfence >> server took too long to respond. >> >> what is weird is that when I put a switch port in the registration vlan >> switchport access mode switchport access vlan 120 where 120 is my >> registration vlan. when I connect a computer it receives an IP address and >> the captive portal is displayed correctly what is the problem in your >> opinion >> >> >> >> Le mer. 11 nov. 2020 à 13:10, Ludovic Zammit <lzam...@inverse.ca> a >> écrit : >> >>> Hello, >>> >>> Do you want to do Web Auth or VLAN enforcement for the portal ? You >>> can’t do both. >>> >>> Thanks, >>> >>> >>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via >>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: >>> >>> I just installed packetfence version 10.2 ZEN. after following the setup >>> guide i want to do my first test. the test with the 8021X supplicant works >>> and the customer is dynamically registered in the correct vlan >>> >>> However when I want to test the captive portal, I plug a windows >>> computer into one of the switch ports. after a few minutes, the computer is >>> placed in my registration vlan and receives a dynamically ip address from >>> packetfence. and I am redirected to the address >>> http://192.168.222.129/Cisco::Catalyst_2960/sidceab07. >>> after a few minutes of waiting, the browser displays 'waiting time >>> exceeded' >>> >>> However when I move a port of the switch manually in the registration >>> vlan, and I plug in a computer, the portal page automatically displays >>> >>> Any ideas? >>> >>> [switch port conf] >>> interface FastEthernet0/12 >>> switchport mode access >>> authentication order dot1x mab >>> authentication priority dot1x mab >>> authentication port-control auto >>> authentication periodic >>> authentication timer restart 10800 >>> authentication timer reauthenticate 7200 >>> authentication violation replace >>> mab >>> no snmp trap link-status >>> dot1x pae authenticator >>> dot1x timeout quiet-period 2 >>> dot1x timeout tx-period 3 >>> >>> [Packetfence LOG] >>> >>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>> INFO: [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip >>> => (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac => >>> (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username => >>> "b06ebfab3afe" (pf::radius::authorize) >>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>> INFO: [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP >>> (pf::Connection::ProfileFactory::_from_profile) >>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>> INFO: [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration >>> VLAN (pf::role::getRegistrationRole) >>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>> INFO: [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the >>> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>> INFO: [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to >>> the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>> INFO: [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to >>> reply using role: 'registration' and URL: ' >>> http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a' >>> (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) >>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using >>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: >>> processed 0 security_events during security_event maintenance >>> (1605013256.13453 1605013256.14244) >>> (pf::security_event::security_event_maintenance) >>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All >>> cluster members are running the same configuration version >>> (pf::pfcron::task::cluster_check::run) >>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: >>> processed 0 security_events during security_event maintenance >>> (1605013256.1439 1605013256.14699) >>> (pf::security_event::security_event_maintenance) >>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting >>> security_events triggers for accounting cleanup >>> (pf::accounting::acct_maintenance) >>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN: >>> [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103' >>> (pf::ip4log::ip2mac) >>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO: >>> [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103) >>> are different for b0:6e:bf:ab:3a:fe - closing ip4log entry >>> (pf::api::update_ip4log) >>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: >>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device >>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. >>> (pf::accounting_events_history::latest_mac_history) >>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: >>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device >>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. >>> (pf::accounting_events_history::latest_mac_history) >>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting >>> security_events triggers for accounting cleanup >>> (pf::accounting::acct_maintenance) >>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: >>> processed 0 security_events during security_event maintenance >>> (1605013316.14234 1605013316.1507) >>> (pf::security_event::security_event_maintenance) >>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: >>> processed 0 security_events during security_event maintenance >>> (1605013316.15212 1605013316.15555) >>> (pf::security_event::security_event_maintenance) >>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using >>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All >>> cluster members are running the same configuration version >>> (pf::pfcron::task::cluster_check::run) >>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: >>> processed 0 security_events during security_event maintenance >>> (1605013376.14526 1605013376.1536) >>> (pf::security_event::security_event_maintenance) >>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using >>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All >>> cluster members are running the same configuration version >>> (pf::pfcron::task::cluster_check::run) >>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: >>> processed 0 security_events during security_event maintenance >>> (1605013376.15512 1605013376.16199) >>> (pf::security_event::security_event_maintenance) >>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting >>> security_events triggers for accounting cleanup >>> (pf::accounting::acct_maintenance) >>> Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000 >>> lvl=info msg="No Inline Network bypass ipsets reload" pid=16318 >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >>> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
