[PacketFence-users] Active directory source rule not working

2016-06-07 Thread Alberto Losada 
Hi all,

In packetfence version 6.0.1 ZEN + updates to 6.0.3 we were trying to
administer the admin portal using our Active Directory users.

I've been able to login when the condition is SamAccountName equals to,
but no when using an AD group through memberof or membership:

[ADCORP]
description=Scytl domain users
password=
scope=sub
binddn=cn=xxx,ou=Service Accounts,DC=xxx,DC=net
basedn=OU=xxx,DC=,DC=net
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=ssl
dynamic_routing_module=AuthModule
port=636
type=AD
host=192.168.0.105

[ADCORP rule WEB_ADMIN]
description=Web Full Admin IT
class=administration
match=all
action0=set_access_level=ALL
condition0=memberOf,contains,GL_ACC_Server_Admins

In this case I see an " *Error!* Wrong username or password.", however I
can see auth successfull in terminal:

Jun 07 13:26:06 httpd.admin(2668) INFO: Authentication successful for
'alosada' in source SCYTL (AD) (pf::authentication::authenticate)
Jun 07 13:26:06 httpd.admin(2668) INFO: Using sources ADCORP for matching
(pf::authentication::match)
Jun 07 13:26:06 httpd.admin(2668) INFO: Using sources ADCORP for matching
(pf::authentication::match)

Profile.conf was left as by default:

[default]
description=Default Profile
logo=/common/packetfence-white.png
redirecturl=http://www.packetfence.org/
always_use_redirecturl=disabled
locale=en_US
nbregpages=0
filter_match_style=any
block_interval=10m
sms_pin_retry_limit=0
sms_request_limit=0
login_attempt_limit=0
root_module=default_policy
billing_tiers=
dot1x_recompute_role_from_portal=enabled
preregistration=disabled
scans=
reuse_dot1x_credentials=0
sources=
provisioners=


Am I missing something??

Thanks in advance,
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Hiding 'Mobile Provider' field in SMS registration form

2016-06-07 Thread James Rouzier 

You can create a hidden input field in the form




James Rouzier
jrouz...@inverse.ca :: +1.514.447.4918 (x115)  ::  http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)

On 2016-06-07 5:39 AM, Torry, Andrew wrote:


We are running PF 6.0.3 (with mods) and have E-Mail based Registration 
working the way we.


We have now moved on to enabling an SMS text based registration page.

As a JANET organisation we subscribe to the JISC Text service which 
enables us to send an SMS text to ANY


mobile phone regardless of its provider.

Since this is the only SMS mobile provider we need we want to avoid 
confusing the ‘Guest’ with an unnecessary


input field for ‘Mobile Provider’ in the registration page.

I have tried ‘modding’ the HTML code in the ‘signup.html’ template 
file thus:-

Re: [PacketFence-users] Erasing admin user after claering user on DB

2016-06-07 Thread James Rouzier 
You can look in the db schema for you version of PacketFence here 
https://github.com/inverse-inc/packetfence/tree/devel/db/ to find the 
correct initialization of the system users.


Below you can find the current initialization sql of the system users

INSERT INTO `person` (pid,notes) VALUES ("admin","Default Admin User - 
do not delete");
INSERT INTO `person` (pid,notes) VALUES ("default","Default User - do 
not delete");


If you also clear the password table then you should also do the following.

INSERT INTO password (pid, password, valid_from, expiration, 
access_duration, access_level, category) VALUES ('admin', 'admin', 
NOW(), '2038-01-01', NULL, 'ALL', NULL);


James Rouzier
jrouz...@inverse.ca :: +1.514.447.4918 (x115)  ::  http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)

On 2016-06-07 6:32 AM, PROST pierrick wrote:


Hi everyone,

I’m a bit confuse, i deleted admin user on mysql DB (I clear the 
“person” table). Someone can give me a trick to recreate an admin 
account ? There is no other solution for clearing user from packet 
fence than make a big delete on this table (and possibly make a 
blunder like me) ?


Regards

Pierrick Prost



--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Still a problem with registration process

2016-06-07 Thread Morris, Andi 
When applying that patch do I need to rename the x.y.z files in the diff file 
to match my current version, and then create the relevant files? My patch dry 
run is failing because the files don’t currently exist.

Apologies, I’m a git/patch noob

Cheers,
Andi



From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 07 June 2016 10:33
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Still a problem with registration process

Thanks Louis,
I’ll take a look at that patch. Personally my system is only in development, so 
future upgrades likely won’t affect me as I’m more likely to rebuild than 
upgrade, and I’ll possibly wait until 6.1 before pushing to production.

For Andrew, I believe he has active users on his system, but has implemented 
his own fix.

Cheers,
Andi

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 06 June 2016 20:27
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Still a problem with registration process



On Jun 6, 2016, at 11:05 , Morris, Andi 
> wrote:

When setting the reverse proxy to forward the original IP the packetfence 
server doesn’t seem to respond to the incoming request.

Tcpdump output of the packetfence server shows:
16:01:51.644525 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:01:54.648694 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:00.654695 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 65535, 
options [mss 1460,nop,nop,sackOK], length 0
16:02:12.668769 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:15.677516 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:21.683543 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,nop,sackOK], length 0
16:02:33.697445 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:36.706367 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:42.712373 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,nop,sackOK], length 0

So the https request is reaching the server, however there is nothing at all in 
the packetfence.log




Hi Andy,
This looks like a possible case of iptables dropping the packets wouldn’t you 
say?



There’s an upcoming fix for this issue (#1522 on github) in the current devel 
branch (which will in time become 6.1):

If your are running 6.0.x it might be worth looking into.
This code will end up being part of your PF whenever you upgrade.

Be carefull to take a look at “db/upgrade-X.X.X-X.Y.Z.sql”.
We had to alter the “activation” table.

If you do apply this, you’ll have to remember to comment that one change in the 
database upgrade script on the day you move to 6.1 for real.
Mysql will not let you apply the same change twice.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)



[Image removed by sender. Cardiff Metropolitan University - Queens Anniversary 
Prizes 
2015]

[PacketFence-users] Erasing admin user after claering user on DB

2016-06-07 Thread PROST pierrick 
Hi everyone,

I'm a bit confuse, i deleted admin user on mysql DB (I clear the "person" 
table). Someone can give me a trick to recreate an admin account ? There is no 
other solution for clearing user from packet fence than make a big delete on 
this table (and possibly make a blunder like me) ?


Regards

Pierrick Prost


--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Hiding 'Mobile Provider' field in SMS registration form

2016-06-07 Thread Torry, Andrew 
We are running PF 6.0.3 (with mods) and have E-Mail based Registration working 
the way we.

We have now moved on to enabling an SMS text based registration page.

As a JANET organisation we subscribe to the JISC Text service which enables us 
to send an SMS text to ANY
mobile phone regardless of its provider.

Since this is the only SMS mobile provider we need we want to avoid confusing 
the ‘Guest’ with an unnecessary
input field for ‘Mobile Provider’ in the registration page.

I have tried ‘modding’ the HTML code in the ‘signup.html’ template file thus:-

+

Which does not seem to achieve anything.

I have also tried:-

  [% FOREACH field IN fields.keys %]
  [% NEXT IF field == 'aup' %]
+  [% NEXT IF field == 'mobileprovider' %]
  
[% form.get_field(field).render | none %]
  
  [% END %]

Which works in hiding the field but yields a ‘Field missing error message’ 
which is not surprising.

How can we ‘hide’ the field in the form? Short of a software hack.

Andrew
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Still a problem with registration process

2016-06-07 Thread Morris, Andi 
Thanks Louis,
I’ll take a look at that patch. Personally my system is only in development, so 
future upgrades likely won’t affect me as I’m more likely to rebuild than 
upgrade, and I’ll possibly wait until 6.1 before pushing to production.

For Andrew, I believe he has active users on his system, but has implemented 
his own fix.

Cheers,
Andi

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 06 June 2016 20:27
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Still a problem with registration process



On Jun 6, 2016, at 11:05 , Morris, Andi 
> wrote:

When setting the reverse proxy to forward the original IP the packetfence 
server doesn’t seem to respond to the incoming request.

Tcpdump output of the packetfence server shows:
16:01:51.644525 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:01:54.648694 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:00.654695 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 65535, 
options [mss 1460,nop,nop,sackOK], length 0
16:02:12.668769 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:15.677516 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:21.683543 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,nop,sackOK], length 0
16:02:33.697445 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:36.706367 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:42.712373 IP 
host86-176-129-66.range86-176.btcentralplus.com.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,nop,sackOK], length 0

So the https request is reaching the server, however there is nothing at all in 
the packetfence.log




Hi Andy,
This looks like a possible case of iptables dropping the packets wouldn’t you 
say?



There’s an upcoming fix for this issue (#1522 on github) in the current devel 
branch (which will in time become 6.1):

If your are running 6.0.x it might be worth looking into.
This code will end up being part of your PF whenever you upgrade.

Be carefull to take a look at “db/upgrade-X.X.X-X.Y.Z.sql”.
We had to alter the “activation” table.

If you do apply this, you’ll have to remember to comment that one change in the 
database upgrade script on the day you move to 6.1 for real.
Mysql will not let you apply the same change twice.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)



[Cardiff Metropolitan University - Queens Anniversary Prizes 
2015]
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing

[PacketFence-users] Error with pf-maint.pl

2016-06-07 Thread Nathan, Josh 
When I try to run pf-maint, I get the following error:

** GET
https://api.github.com/repos/inverse-inc/packetfence/compare/a962ef7cf0c0755845f9e48ee0d2d0c5bf517c7d...f9dda4c3b46973fd6fa4fac586df9ce810df745c
==> 404 Not Found (1s)
404 Not Found


I'm running PF 6.0.1.

Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users