Hello everyone, I come to ask you again for the problem. I see that the
Packetfence solution works well in many people... please someone could help
me??

Le jeu. 12 nov. 2020 à 13:16, Abdoul Raouf Diabagate <abdoulrao...@gmail.com>
a écrit :

>
> Hello here is my conf/pf.conf file
>
> # Copyright (C) Inverse inc.
> [general]
> #
> # general.domain
> #
> # Domain name of PacketFence system.
> domain=xxxxxxxxxxxxx.com
> #
> # general.hostname
> #
> # Hostname of PacketFence system.  This is concatenated with the domain in
> Apache rewriting rules and therefore must be resolvable by clients.
> hostname=mlnac
> #
> # general.timezone
> #
> # System's timezone in string format. List generated from Perl library
> DateTime::TimeZone
> # When left empty, it will use the timezone of the server
> timezone=Africa/Abidjan
>
> [alerting]
> #
> # alerting.emailaddr
> #
> # Comma-delimited list of email addresses to which notifications of rogue
> DHCP servers, security_events with an action of "email", or any other
> # PacketFence-related message goes to.
> emailaddr=abdoul.diabag...@xxxxxxxxxxx.net
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence. Changing this
> parameter after the initial configuration will *not* change it in the
> database it self, only in the configuration.
> pass=xxxxxxxxxxx
>
> [advanced]
> # advanced.configurator
> #
> # Enable the Configurator and the Configurator API
> configurator=disabled
>
> [interface eth0]
> ip=192.168.222.129
> type=management,portal
> mask=255.255.255.0
>
> [interface eth1.110]
> enforcement=vlan
> ip=192.168.110.1
> type=internal
> mask=255.255.255.0
>
> [interface eth1.120]
> enforcement=vlan
> ip=192.168.120.1
> type=internal
> mask=255.255.255.0
>
> [interface eth1.216]
> type=other
> mask=255.255.255.0
>
> [interface eth1.218]
> type=other
> mask=255.255.255.0
>
> [interface eth1.219]
> type=other
> mask=255.255.255.0
>
> [interface eth1.220]
> type=other
> mask=255.255.255.0
>
> [interface eth1.222]
> type=other
> mask=255.255.255.0
>
>
> Le jeu. 12 nov. 2020 à 13:12, Ludovic Zammit <lzam...@inverse.ca> a
> écrit :
>
>> Hello,
>>
>> Show me your conf/pf.conf
>>
>> Remove the passwords.
>>
>> Thanks.
>>
>>
>> Ludovic zammitlzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>> On Nov 12, 2020, at 6:21 AM, Abdoul Raouf Diabagate <
>> abdoulrao...@gmail.com> wrote:
>>
>> after some testing, I have the impression that the error is due to
>> iptables. because when I open my browser it displays this
>> <image.png>
>>
>> but when I restart the iptables service, the captive portal page displays
>> correctly
>> <image.png>
>>
>> please who has any idea? I have to restart iptables on each connection
>>
>> Le mer. 11 nov. 2020 à 13:23, Abdoul Raouf Diabagate <
>> abdoulrao...@gmail.com> a écrit :
>>
>>> i want to use webauth for computers that don't have 8021x supplicant.
>>> currently I have the impression that everything is working correctly.
>>> however when I connect a computer that does not have an 8021x supplicant it
>>> moves into the registration vlan and it gets an IP address. when i try to
>>> launch a web page normally i should see the packetfence captive portal but
>>> nothing is displayed and an error message telling me that my packetfence
>>> server took too long to respond.
>>>
>>> what is weird is that when I put a switch port in the registration vlan
>>> switchport access mode switchport access vlan 120 where 120 is my
>>> registration vlan. when I connect a computer it receives an IP address and
>>> the captive portal is displayed correctly what is the problem in your
>>> opinion
>>>
>>>
>>>
>>> Le mer. 11 nov. 2020 à 13:10, Ludovic Zammit <lzam...@inverse.ca> a
>>> écrit :
>>>
>>>> Hello,
>>>>
>>>> Do you want to do Web Auth or VLAN enforcement for the portal ? You
>>>> can’t do both.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Ludovic zammitlzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  
>>>> www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>>> (http://packetfence.org)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via
>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>> I just installed packetfence version 10.2 ZEN. after following the
>>>> setup guide i want to do my first test. the test with the 8021X supplicant
>>>> works and the customer is dynamically registered in the correct vlan
>>>>
>>>> However when I want to test the captive portal, I plug a windows
>>>> computer into one of the switch ports. after a few minutes, the computer is
>>>> placed in my registration vlan and receives a dynamically ip address from
>>>> packetfence. and I am redirected to the address
>>>> http://192.168.222.129/Cisco::Catalyst_2960/sidceab07.
>>>> after a few minutes of waiting, the browser displays 'waiting time
>>>> exceeded'
>>>>
>>>> However when I move a port of the switch manually in the registration
>>>> vlan, and I plug in a computer, the portal page automatically displays
>>>>
>>>> Any ideas?
>>>>
>>>> [switch port conf]
>>>> interface FastEthernet0/12
>>>>  switchport mode access
>>>>  authentication order dot1x mab
>>>>  authentication priority dot1x mab
>>>>  authentication port-control auto
>>>>  authentication periodic
>>>>  authentication timer restart 10800
>>>>  authentication timer reauthenticate 7200
>>>>  authentication violation replace
>>>>  mab
>>>>  no snmp trap link-status
>>>>  dot1x pae authenticator
>>>>  dot1x timeout quiet-period 2
>>>>  dot1x timeout tx-period 3
>>>>
>>>> [Packetfence LOG]
>>>>
>>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827)
>>>> INFO: [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip
>>>> => (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac =>
>>>> (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username =>
>>>> "b06ebfab3afe" (pf::radius::authorize)
>>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827)
>>>> INFO: [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP
>>>> (pf::Connection::ProfileFactory::_from_profile)
>>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827)
>>>> INFO: [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration
>>>> VLAN (pf::role::getRegistrationRole)
>>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827)
>>>> INFO: [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the
>>>> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827)
>>>> INFO: [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to
>>>> the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827)
>>>> INFO: [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to
>>>> reply using role: 'registration' and URL: '
>>>> http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a'
>>>> (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
>>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using
>>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1605013256.13453 1605013256.14244)
>>>>  (pf::security_event::security_event_maintenance)
>>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All
>>>> cluster members are running the same configuration version
>>>> (pf::pfcron::task::cluster_check::run)
>>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1605013256.1439 1605013256.14699)
>>>>  (pf::security_event::security_event_maintenance)
>>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting
>>>> security_events triggers for accounting cleanup
>>>> (pf::accounting::acct_maintenance)
>>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN:
>>>> [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103'
>>>> (pf::ip4log::ip2mac)
>>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO:
>>>> [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103)
>>>> are different for b0:6e:bf:ab:3a:fe - closing ip4log entry
>>>> (pf::api::update_ip4log)
>>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN:
>>>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device
>>>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet.
>>>> (pf::accounting_events_history::latest_mac_history)
>>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN:
>>>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device
>>>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet.
>>>> (pf::accounting_events_history::latest_mac_history)
>>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting
>>>> security_events triggers for accounting cleanup
>>>> (pf::accounting::acct_maintenance)
>>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1605013316.14234 1605013316.1507)
>>>>  (pf::security_event::security_event_maintenance)
>>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1605013316.15212 1605013316.15555)
>>>>  (pf::security_event::security_event_maintenance)
>>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using
>>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All
>>>> cluster members are running the same configuration version
>>>> (pf::pfcron::task::cluster_check::run)
>>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1605013376.14526 1605013376.1536)
>>>>  (pf::security_event::security_event_maintenance)
>>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using
>>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All
>>>> cluster members are running the same configuration version
>>>> (pf::pfcron::task::cluster_check::run)
>>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1605013376.15512 1605013376.16199)
>>>>  (pf::security_event::security_event_maintenance)
>>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting
>>>> security_events triggers for accounting cleanup
>>>> (pf::accounting::acct_maintenance)
>>>> Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000
>>>> lvl=info msg="No Inline Network bypass ipsets reload" pid=16318
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>>
>>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to