Hello everyone, I come to ask you again for the problem. I see that the Packetfence solution works well in many people... please someone could help me??
Le jeu. 12 nov. 2020 à 13:16, Abdoul Raouf Diabagate <abdoulrao...@gmail.com> a écrit : > > Hello here is my conf/pf.conf file > > # Copyright (C) Inverse inc. > [general] > # > # general.domain > # > # Domain name of PacketFence system. > domain=xxxxxxxxxxxxx.com > # > # general.hostname > # > # Hostname of PacketFence system. This is concatenated with the domain in > Apache rewriting rules and therefore must be resolvable by clients. > hostname=mlnac > # > # general.timezone > # > # System's timezone in string format. List generated from Perl library > DateTime::TimeZone > # When left empty, it will use the timezone of the server > timezone=Africa/Abidjan > > [alerting] > # > # alerting.emailaddr > # > # Comma-delimited list of email addresses to which notifications of rogue > DHCP servers, security_events with an action of "email", or any other > # PacketFence-related message goes to. > emailaddr=abdoul.diabag...@xxxxxxxxxxx.net > > [database] > # > # database.pass > # > # Password for the mysql database used by PacketFence. Changing this > parameter after the initial configuration will *not* change it in the > database it self, only in the configuration. > pass=xxxxxxxxxxx > > [advanced] > # advanced.configurator > # > # Enable the Configurator and the Configurator API > configurator=disabled > > [interface eth0] > ip=192.168.222.129 > type=management,portal > mask=255.255.255.0 > > [interface eth1.110] > enforcement=vlan > ip=192.168.110.1 > type=internal > mask=255.255.255.0 > > [interface eth1.120] > enforcement=vlan > ip=192.168.120.1 > type=internal > mask=255.255.255.0 > > [interface eth1.216] > type=other > mask=255.255.255.0 > > [interface eth1.218] > type=other > mask=255.255.255.0 > > [interface eth1.219] > type=other > mask=255.255.255.0 > > [interface eth1.220] > type=other > mask=255.255.255.0 > > [interface eth1.222] > type=other > mask=255.255.255.0 > > > Le jeu. 12 nov. 2020 à 13:12, Ludovic Zammit <lzam...@inverse.ca> a > écrit : > >> Hello, >> >> Show me your conf/pf.conf >> >> Remove the passwords. >> >> Thanks. >> >> >> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> >> >> >> On Nov 12, 2020, at 6:21 AM, Abdoul Raouf Diabagate < >> abdoulrao...@gmail.com> wrote: >> >> after some testing, I have the impression that the error is due to >> iptables. because when I open my browser it displays this >> <image.png> >> >> but when I restart the iptables service, the captive portal page displays >> correctly >> <image.png> >> >> please who has any idea? I have to restart iptables on each connection >> >> Le mer. 11 nov. 2020 à 13:23, Abdoul Raouf Diabagate < >> abdoulrao...@gmail.com> a écrit : >> >>> i want to use webauth for computers that don't have 8021x supplicant. >>> currently I have the impression that everything is working correctly. >>> however when I connect a computer that does not have an 8021x supplicant it >>> moves into the registration vlan and it gets an IP address. when i try to >>> launch a web page normally i should see the packetfence captive portal but >>> nothing is displayed and an error message telling me that my packetfence >>> server took too long to respond. >>> >>> what is weird is that when I put a switch port in the registration vlan >>> switchport access mode switchport access vlan 120 where 120 is my >>> registration vlan. when I connect a computer it receives an IP address and >>> the captive portal is displayed correctly what is the problem in your >>> opinion >>> >>> >>> >>> Le mer. 11 nov. 2020 à 13:10, Ludovic Zammit <lzam...@inverse.ca> a >>> écrit : >>> >>>> Hello, >>>> >>>> Do you want to do Web Auth or VLAN enforcement for the portal ? You >>>> can’t do both. >>>> >>>> Thanks, >>>> >>>> >>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via >>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: >>>> >>>> I just installed packetfence version 10.2 ZEN. after following the >>>> setup guide i want to do my first test. the test with the 8021X supplicant >>>> works and the customer is dynamically registered in the correct vlan >>>> >>>> However when I want to test the captive portal, I plug a windows >>>> computer into one of the switch ports. after a few minutes, the computer is >>>> placed in my registration vlan and receives a dynamically ip address from >>>> packetfence. and I am redirected to the address >>>> http://192.168.222.129/Cisco::Catalyst_2960/sidceab07. >>>> after a few minutes of waiting, the browser displays 'waiting time >>>> exceeded' >>>> >>>> However when I move a port of the switch manually in the registration >>>> vlan, and I plug in a computer, the portal page automatically displays >>>> >>>> Any ideas? >>>> >>>> [switch port conf] >>>> interface FastEthernet0/12 >>>> switchport mode access >>>> authentication order dot1x mab >>>> authentication priority dot1x mab >>>> authentication port-control auto >>>> authentication periodic >>>> authentication timer restart 10800 >>>> authentication timer reauthenticate 7200 >>>> authentication violation replace >>>> mab >>>> no snmp trap link-status >>>> dot1x pae authenticator >>>> dot1x timeout quiet-period 2 >>>> dot1x timeout tx-period 3 >>>> >>>> [Packetfence LOG] >>>> >>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>>> INFO: [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip >>>> => (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac => >>>> (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username => >>>> "b06ebfab3afe" (pf::radius::authorize) >>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>>> INFO: [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP >>>> (pf::Connection::ProfileFactory::_from_profile) >>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>>> INFO: [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration >>>> VLAN (pf::role::getRegistrationRole) >>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>>> INFO: [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the >>>> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>>> INFO: [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to >>>> the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >>>> Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) >>>> INFO: [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to >>>> reply using role: 'registration' and URL: ' >>>> http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a' >>>> (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) >>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using >>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: >>>> processed 0 security_events during security_event maintenance >>>> (1605013256.13453 1605013256.14244) >>>> (pf::security_event::security_event_maintenance) >>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All >>>> cluster members are running the same configuration version >>>> (pf::pfcron::task::cluster_check::run) >>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: >>>> processed 0 security_events during security_event maintenance >>>> (1605013256.1439 1605013256.14699) >>>> (pf::security_event::security_event_maintenance) >>>> Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting >>>> security_events triggers for accounting cleanup >>>> (pf::accounting::acct_maintenance) >>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN: >>>> [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103' >>>> (pf::ip4log::ip2mac) >>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO: >>>> [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103) >>>> are different for b0:6e:bf:ab:3a:fe - closing ip4log entry >>>> (pf::api::update_ip4log) >>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: >>>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device >>>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. >>>> (pf::accounting_events_history::latest_mac_history) >>>> Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: >>>> [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device >>>> b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. >>>> (pf::accounting_events_history::latest_mac_history) >>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting >>>> security_events triggers for accounting cleanup >>>> (pf::accounting::acct_maintenance) >>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: >>>> processed 0 security_events during security_event maintenance >>>> (1605013316.14234 1605013316.1507) >>>> (pf::security_event::security_event_maintenance) >>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: >>>> processed 0 security_events during security_event maintenance >>>> (1605013316.15212 1605013316.15555) >>>> (pf::security_event::security_event_maintenance) >>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using >>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>>> Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All >>>> cluster members are running the same configuration version >>>> (pf::pfcron::task::cluster_check::run) >>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: >>>> processed 0 security_events during security_event maintenance >>>> (1605013376.14526 1605013376.1536) >>>> (pf::security_event::security_event_maintenance) >>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using >>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All >>>> cluster members are running the same configuration version >>>> (pf::pfcron::task::cluster_check::run) >>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: >>>> processed 0 security_events during security_event maintenance >>>> (1605013376.15512 1605013376.16199) >>>> (pf::security_event::security_event_maintenance) >>>> Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting >>>> security_events triggers for accounting cleanup >>>> (pf::accounting::acct_maintenance) >>>> Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000 >>>> lvl=info msg="No Inline Network bypass ipsets reload" pid=16318 >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>>> >>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users