[PacketFence-users] Problems trying to set up PF for Ubuntu 14.04 (iptables + httpd)

2015-09-08 Thread Life4YourGames 
Hi,

I’ve been trying to set up PacketFence for Ubuntu 14.04 (trusty) since weeks 
now and I’m continuing to run into the same Problems again and again.

My first Problem is, that I’ve set up an OpenVPN-Server for remote maintenance 
of the Network, thus I have to NAT the traffic into my LAN.
Normally I’m doing this by this IP-Tables rule:
„-A POSTROUTING –s 10.8.0.0/24 –o eth1 –j SNAT –to-source 10.16.1.2“

Connecting to the OVPN-Server works, but traffic is not NATed correctly, if I 
add this rule to

*nat
: POSTROUTING ACCEPT

In „/usr/local/pf/conf/iptables.conf“ (where I should place custom rules, I 
just read in the Mailing list)


My second Problem is, that my SSH-Service uses „22000“ as port, but changing 
the existing rule from „(…) –dport 22 (…)“ to „(…) –dport 22000 (…)“ somehow 
does not allow new Connections. 


And my third Problem sadly should be already known: 

Sometimes (looks like around 5/6 of all starts) httpd.* (with „*“ being any 
httpd Service packetfence needs, but not always the same ._. ) Fails to start 
with „AH00526: Syntax error on line XXX of /usr/local/pf/httpd.conf.d/httpd.*: 
$parms->add_config() has failed: Expected  before end of 
configuration at /usr/lib/perl5/Apache2/PerlSections.pm line 215.\n“ 



I already used Google and the Mailing list trying to find a solution, but None 
of my tries really worked.

Helpful might be:

Install-Repo I used: „deb 
http://inverse.ca/downloads/PacketFence/debian-feature-ubuntu-14.04 trusty 
trusty“

Folder: „/usr/local/pf/var/ssl_mutex“ exists

O.System: Ubuntu-Server 14.04.1 amd64

I would appreciate any help and also hints, if it’s just me being stupid ^^

Best regards,

Magnus Leßmann
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Newbies question

2015-09-08 Thread Will Halsall 
Hi Fabrice,


Thanks for getting back to me but I found the answer in  
/usr/local/pf/lib/pf/vlan/custom.pm, uncommenting the example 
ShouldAautoRegister   did the trick. I just got confused because 
Packetfence-ZEN 5.2 seamed to do this out of the box but after upgrading to 
5.3.1 it did not.


WillH




-Original Message-
From: Fabrice DURAND [mailto:fdur...@inverse.ca] 
Sent: 08 September 2015 18:52
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Newbies question

Hi Will,

some logs maybe ?

Regards
Fabrice

Le 2015-09-02 09:04, Will Halsall a écrit :
> Hi Folks,
>
> I have a new install of packetfence ZEN patched up to date and Aruba instant 
> WiFi group.
>
> Users authenticated against the captive portal appear as packefence users 
> whereas users authenticating using WPA2 Enterprise do not. Running radius in 
> debug you can see the Auth OK messages being sent but the users not added to 
> the users section of PacketFence. 
>
>
> Is this a configuration issue or normal operation?
>
>
> Thanks
>
>
> Will Halsall
>
>
>
>
>
>
>
> **
> This message is intended only for the use of the person(s) to whom it 
> is addressed, and may contain privileged and confidential information.
> If it has come to you in error, please contact the sender as soon as 
> possible, and note that you must take no action based on the content, 
> nor must you copy, distribute, or show the content to any other person.
>
>
> In accordance with its legal obligations, Farnborough College of 
> Technology reserves the right to monitor the content of e-mails sent 
> and received, but will not do so routinely.
> **
>


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca Inverse inc. 
:: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 





**
This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.
**

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Debian Jessie support

2015-09-08 Thread Holger.Patzelt 
Hi Louis,
hi folks,

thanks for your patience with us, answering these questions all over again.

Maybe you find the following information interesting:
On "your" Web-Page (the Main Page of inverse.ca) it says:
Supported operating systems are

 *   Community ENTerprise Operating System (CentOS) 5+
 *   Debian 4+ and Ubuntu 8+
 *   openSUSE 10.3+
 *   Red Hat Enterprise Linux 5+
Maybe the Page is in need of some sort of facelift :)

Btw.: Maybe you would like some other feedback about Juniper Switches for your 
Dokumentation:
We use PF with Juniper EX3200 Switches here, usind the EX2200 "Template" as is.

Bye,
Holger

--

Holger Patzelt

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Tuesday, September 01, 2015 3:31 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Debian Jessie support

I am going to pull a Debian here:

"It's ready when it's ready".

Maintaining three different distributions across multiple releases is a huge 
pain in the lower back.
Paths change across distros, bug appear in libraries of dependencies of 
dependencies on one distros and not another etc.

So essentially the choice is betweeen a few well supported and tested distros 
and releasing for more distros with probably more bugs.

The current priority is RHEL 7.
All other (new) distros are subordinate to that.
The overwhelming majority of our clients use RHEL or CentOS.

Then, at some later point and hopefully by the end of this year additional 
distros will be added.

In all cases, it will be the same PacketFence regardless of the base distro.
I realize some people do have valid reasons for wanting a more recent distro 
(e.g. kernel related).
I would advise them to consider moving to CentOS or RHEL 7 if possible when it 
comes out.
It is likely to be the longest maintained version in the future and the one for 
which updates come out the fastest.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Aug 31, 2015, at 11:45 , 
holger.patz...@t-systems.com wrote:


Hello Henry-Nicolas,
hello Louis

Maybe this is a good time to ask Louis again, about the ubuntu 14.4LTS support?
Or do you plan to skip 14.4LTS to jump to 16.4, when it is released?

Best regards,
Holger

-Original Message-
From: Henry-Nicolas [mailto:nicolas...@babsetnico.net]
Sent: Sunday, August 30, 2015 3:49 PM
To: 
packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Debian Jessie support


Hello everyone,

I would like to use PacketFence on Debian but I'm running the latest Stable 
version (Jessie, at this moment).
I saw that there is support for Wheezy, any plan to add support for Jessie?

Are there any alternatative methods to install PacketFence on Debian Jessie?

Best regards,

Henry-Nicolas

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] SNMP Setup procurve 2610

2015-09-08 Thread Kristaps Dambergs 
Hi,

I am trying to configure SNMP on it to sent traps to PF server
(192.168.0.10).

Global config settings:

snmp-server community public manager unrestricted
snmp-server host 192.168.0.3 "public" Not-INFO
no snmp-server enable traps link-change 1-12

*Invalid input: public*

I am getting stuck here.

Cheers,
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Debian Jessie support

2015-09-08 Thread Louis Munro 


On Sep 8, 2015, at 5:13 ,  
 wrote:
> 
> Maybe you find the following information interesting:
> On “your” Web-Page (the Main Page of inverse.ca) it says:
> Supported operating systems are
> Community ENTerprise Operating System (CentOS) 5+
> Debian 4+ and Ubuntu 8+
> openSUSE 10.3+
> Red Hat Enterprise Linux 5+
> Maybe the Page is in need of some sort of facelift J


You are right.
It does need a facelift.

Strictly speaking, PacketFence does work on those.
We even have some people running it on some recent version of Fedora.
What we don’t do is provide packages for all those distributions.

Packaging is tedious and thankless job.
Those responsible here (mostly Fabrice) should have our undying gratitude.

Each distros/release needs some tweaks. 
Paths differ, module versions have bugs in one distro and not others, the 
debug, fix and repackage cycle is not particularly quick.
We have now passed the 500 packages required for a PacketFence install on a 
bare minimum server.
Multiply that by three distros, and multiple releases...


>  
> Btw.: Maybe you would like some other feedback about Juniper Switches for 
> your Dokumentation:
> We use PF with Juniper EX3200 Switches here, usind the EX2200 “Template” as 
> is.
>  


Certainly!

You can either send your notes/documentation directly to us or you can open a 
pull request for the documentation.
That way has the advantage of giving you all the credit.

Best regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] IP Address when registering

2015-09-08 Thread Thomas, Gregory A 
The connection_type is Inline, just like every other record in the table. Also 
now the user is connected with an IP address.

The users that I do have no IP address for (at this time) have not renewed 
leases since early in the switch over process.

I am thinking it has to do with the fact that I did a switch over in the middle 
of the night when these leases were valid from the previous server. Once they 
renewed on the new server they seemed to have connected without incident.

It has been up and running for over a day now and after that first influx at 
3AM there have been no issues. The Status page shows an average of .25+ 
registrations (what ever that means) since 4PM CDT

Thanks for giving me places to look in the future.

--
Gregory A. Thomas
IT Manager, Student Life
University of Wisconsin-Parkside
thom...@uwp.edu
262.595.2432

-Original Message-
From: Fabrice DURAND [mailto:fdur...@inverse.ca] 
Sent: Tuesday, September 8, 2015 12:21 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] IP Address when registering

Hi Thomas,

you probably have an issue with the locationlog.

Can you check on the database to see if the connection_type is set to Inline ?
select * from locationlog where mac="80:6c:1b:f7:11:a1";

Regards
Fabrice


Le 2015-09-07 16:10, Thomas, Gregory A a écrit :
>
> All,
>
>  
>
> I have a question about my system. In most cases it is working as 
> expected, but there are users who are having problems.
>
>  
>
> My system is completely InLine with about 800 users with a potential 
> for 2400 or more devices. I have the IP space so that is not the problem.
>
>  
>
> So here is goes, when a user brings a device online, and browses to a 
> web page, they are directed to the registration page as expected. They 
> successfully register and then depending on how the server feels 
> (because I am not sure how it is decided) the user may be allowed 
> through or they seem to find Gandalf and "Shall not Pass". Looking at 
> the GUI those that can pass have an IP, those that run in to Gandalf 
> do not.
>
>  
>
> I check dhcpd.leases and the devices are listed there.
>
> When I look at logs, I happen to see several devices displayed over 
> and over like below:
>
> Sep 07 15:05:13 httpd.portal(9543) INFO: Matched IP '131.210.95.196'
> to MAC address '80:6c:1b:f7:11:a1' using OMAPI (pf::iplog::ip2mac)
>
>  
>
> There seem to be fewer now than this morning, but any advice would be 
> helpful. I plan on working with Inverse on this when I get in tomorrow 
> but some advice might just solve this,
>
>  
>
> --
>
> Gregory A. Thomas
>
> IT Manager, Student Center and Residence Life
>
> thom...@uwp.edu 
>
> Phone: 262.595.2432
>
> Cell: 262.854.0105
>
>
>
> --
> 
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca Inverse inc. 
:: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SNMP Setup procurve 2610

2015-09-08 Thread Antoine Amacher 

Hello Kristaps,

Can you try the following command instead of "snmp-server host 
192.168.0.3 "public" Not-INFO":


snmp-server host 192.168.0.3 community public Not-INFO

Regards,

On 09/08/2015 02:46 AM, Kristaps Dambergs wrote:

Hi,

I am trying to configure SNMP on it to sent traps to PF server 
(192.168.0.10).


Global config settings:

snmp-server community public manager unrestricted
snmp-server host 192.168.0.3 "public" Not-INFO
no snmp-server enable traps link-change 1-12

*Invalid input: public*

I am getting stuck here.

Cheers,


--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca   ::  +1.514.447.4918 *130  ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] IP Address when registering

2015-09-08 Thread Fabrice DURAND 
Hi Thomas,

you probably have an issue with the locationlog.

Can you check on the database to see if the connection_type is set to
Inline ?
select * from locationlog where mac="80:6c:1b:f7:11:a1";

Regards
Fabrice


Le 2015-09-07 16:10, Thomas, Gregory A a écrit :
>
> All,
>
>  
>
> I have a question about my system. In most cases it is working as
> expected, but there are users who are having problems.
>
>  
>
> My system is completely InLine with about 800 users with a potential
> for 2400 or more devices. I have the IP space so that is not the problem.
>
>  
>
> So here is goes, when a user brings a device online, and browses to a
> web page, they are directed to the registration page as expected. They
> successfully register and then depending on how the server feels
> (because I am not sure how it is decided) the user may be allowed
> through or they seem to find Gandalf and “Shall not Pass”. Looking at
> the GUI those that can pass have an IP, those that run in to Gandalf
> do not.
>
>  
>
> I check dhcpd.leases and the devices are listed there.
>
> When I look at logs, I happen to see several devices displayed over
> and over like below:
>
> Sep 07 15:05:13 httpd.portal(9543) INFO: Matched IP '131.210.95.196'
> to MAC address '80:6c:1b:f7:11:a1' using OMAPI (pf::iplog::ip2mac)
>
>  
>
> There seem to be fewer now than this morning, but any advice would be
> helpful. I plan on working with Inverse on this when I get in tomorrow
> but some advice might just solve this,
>
>  
>
> --
>
> Gregory A. Thomas
>
> IT Manager, Student Center and Residence Life
>
> thom...@uwp.edu 
>
> Phone: 262.595.2432
>
> Cell: 262.854.0105
>
>
>
> --
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: application/pgp-keys
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sigin using AD and local database

2015-09-08 Thread Antoine Amacher 

Hello Andy,

To answer your question, yes the company users could 'signin' via the 
captive portal with their AD account and guests could register 
simultaneously on the same portal.


What command, tools did you use to test the connection to the AD server?

Also, do you have both the AD source and the Guest source(email or SMS 
for instance) active on your default portal profile?


Regards,

On 09/04/2015 10:23 AM, Andy A wrote:

Hi.

I am using PF 5.2.0 on CentOS 6.6 in inline mode.

I would like to allow the company staff access to the internet via AD 
and any company guest via email signup / local account. I have setup 
the AD source and tested the connection and it works fine.
My question is how does the AD signin work? Could the company staff 
'signin' through the captive portal using their AD username and 
password, and company guests can register and signin?


I tried to use my AD username and password to signin through the 
captive portal and it didn't work.


Thanks.


--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca   ::  +1.514.447.4918 *130  ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] IP Address when registering

2015-09-08 Thread Fabrice DURAND 
Ok make sense, locationlog is updated by the dhcp traffic.
So without dhcp traffic for some nodes then no locationlog entry so the
device stuck on the portal.


Le 2015-09-08 13:39, Thomas, Gregory A a écrit :
> The connection_type is Inline, just like every other record in the table. 
> Also now the user is connected with an IP address.
>
> The users that I do have no IP address for (at this time) have not renewed 
> leases since early in the switch over process.
>
> I am thinking it has to do with the fact that I did a switch over in the 
> middle of the night when these leases were valid from the previous server. 
> Once they renewed on the new server they seemed to have connected without 
> incident.
>
> It has been up and running for over a day now and after that first influx at 
> 3AM there have been no issues. The Status page shows an average of .25+ 
> registrations (what ever that means) since 4PM CDT
>
> Thanks for giving me places to look in the future.
>
> --
> Gregory A. Thomas
> IT Manager, Student Life
> University of Wisconsin-Parkside
> thom...@uwp.edu
> 262.595.2432
>
> -Original Message-
> From: Fabrice DURAND [mailto:fdur...@inverse.ca] 
> Sent: Tuesday, September 8, 2015 12:21 PM
> To: packetfence-users@lists.sourceforge.net
> Subject: Re: [PacketFence-users] IP Address when registering
>
> Hi Thomas,
>
> you probably have an issue with the locationlog.
>
> Can you check on the database to see if the connection_type is set to Inline ?
> select * from locationlog where mac="80:6c:1b:f7:11:a1";
>
> Regards
> Fabrice
>
>
> Le 2015-09-07 16:10, Thomas, Gregory A a écrit :
>> All,
>>
>>  
>>
>> I have a question about my system. In most cases it is working as 
>> expected, but there are users who are having problems.
>>
>>  
>>
>> My system is completely InLine with about 800 users with a potential 
>> for 2400 or more devices. I have the IP space so that is not the problem.
>>
>>  
>>
>> So here is goes, when a user brings a device online, and browses to a 
>> web page, they are directed to the registration page as expected. They 
>> successfully register and then depending on how the server feels 
>> (because I am not sure how it is decided) the user may be allowed 
>> through or they seem to find Gandalf and "Shall not Pass". Looking at 
>> the GUI those that can pass have an IP, those that run in to Gandalf 
>> do not.
>>
>>  
>>
>> I check dhcpd.leases and the devices are listed there.
>>
>> When I look at logs, I happen to see several devices displayed over 
>> and over like below:
>>
>> Sep 07 15:05:13 httpd.portal(9543) INFO: Matched IP '131.210.95.196'
>> to MAC address '80:6c:1b:f7:11:a1' using OMAPI (pf::iplog::ip2mac)
>>
>>  
>>
>> There seem to be fewer now than this morning, but any advice would be 
>> helpful. I plan on working with Inverse on this when I get in tomorrow 
>> but some advice might just solve this,
>>
>>  
>>
>> --
>>
>> Gregory A. Thomas
>>
>> IT Manager, Student Center and Residence Life
>>
>> thom...@uwp.edu 
>>
>> Phone: 262.595.2432
>>
>> Cell: 262.854.0105
>>
>>
>>
>> --
>> 
>>
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Fabrice Durand
> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca Inverse inc. 
> :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org) 
>
>
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: application/pgp-keys
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users