Re: [PacketFence-users] maintenance script with remote database

[Louis Munro]

> On Sep 28, 2016, at 11:55 AM, Morris, Andi  wrote:
> 
> Apologies, I mean the database cleaner script being run remotely, not the 
> optimisation.



What was the error?
Of course, if you run the database backup script on another server you will 
need to copy to database-cleaner script and all it's dependencies to it.

It may be simpler to edit the backup script to only run the cleaner and not 
dump the database and then run it from the PF server.


Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x access without logging on

[Will Halsall]

Hi Derek,

[WirelessEAP] had been defend for another rule as follows: I have also changed 
the unregdate to access_duration but when I attach the tablet to the ssis the 
authentication box pops up. I was hoping to just have normal access without 
having to login

Any thoughts on this would be appreciated

[WirelessEAP]
filter = connection_type
operator = is
value = Wireless-802.11-EAP

[Salon_Tablets]
filter = node_info.mac
operator = regex
value = ^(34:14:5f:de:f1:3f)

[1:WirelessEAP_Tablets]
scope = AutoRegister
role = Internet

[2:WirelessEAP_Tablets]
scope = NodeInfoForAutoReg
role = Internet
action = modify_node
action_param = mac = $mac, status = reg, access_duration = 12h, role = Internet


Will Halsall

From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca]
Sent: Wednesday, September 28, 2016 2:33 PM
To: ML PF
Subject: Re: [PacketFence-users] 802.1x access without logging on

Hello Will,

Real quick, I see some configurations that may be bogus.
Do you mind changing them and test again ?

First, are you missing the “WirelessEAP” condition ? I do not see it. Only the 
“Salon_Tablets”

Second, the “unregdate” parameter of the “NodeInfoForAutoReg” action is 
actually an “access_duration”. You might want to set a date.

Cheers!
-dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) 
:: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Sep 28, 2016, at 08:42, Will Halsall 
> wrote:

Hi Folks,


I am trying to get a Samsung tablet to connect to our secure internet 802.1x 
SSID and assign the role Internet without the user having to authenticate and 
thought I would try Vlan filters to do this as follows without much success. 
Can this be done?


[Salon_Tablets]
filter = node_info.mac
operator = regex
value = ^(34:14:5f:de:f1:3f)

[1:WirelessEAP_Tablets]
scope = AutoRegister
role = Internet

[2:WirelessEAP_Tablets]
scope = NodeInfoForAutoReg
role = Internet
action = modify_node
action_param = mac = $mac, status = reg, unregdate = 12H, role = Internet


This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] maintenance script with remote database

[Morris, Andi]

Apologies, I mean the database cleaner script being run remotely, not the 
optimisation.

From: Morris, Andi
Sent: 28 September 2016 16:52
To: 'packetfence-users@lists.sourceforge.net' 

Subject: RE: [PacketFence-users] maintenance script with remote database

Hi Louis,
I’ve edited the script with the variables and the backup works fine on the DB 
server, it’s the optimisation that isn’t. However, presuming that running the 
optimisation commands doesn’t dump the database locally first that should be ok 
to run from the pf app server I guess. Although that does still mean I need to 
have mariadb running on the packetfence server.

I’ll keep playing with the script remotely to see what I can do.

Cheers,
Andi

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 28 September 2016 16:02
To: 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] maintenance script with remote database


On Sep 28, 2016, at 10:34 AM, Morris, Andi 
> wrote:

Hi Louis,
That makes sense, but in practice I get errors when running this on a server 
that hasn’t had packetfence installed as there are calls to log4perl.pm files 
in the database-clearner.pl script.


You would need to edit it to fill in some variables, like the db name, username 
and password.
Don't be afraid to play with the script.
There's nothing really fancy in there.


Out of interest, what’s the danger of running this script from a packetfence 
server against a remote db server? Is it likely to cause an issue?


The issue is that it would have to copy the database over the network and dump 
the copy on the server you are running it from.
While that is doable, it is not really recommended.
You might end up saturating the link between those two servers during the dump.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] maintenance script with remote database

[Morris, Andi]

Hi Louis,
I’ve edited the script with the variables and the backup works fine on the DB 
server, it’s the optimisation that isn’t. However, presuming that running the 
optimisation commands doesn’t dump the database locally first that should be ok 
to run from the pf app server I guess. Although that does still mean I need to 
have mariadb running on the packetfence server.

I’ll keep playing with the script remotely to see what I can do.

Cheers,
Andi

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 28 September 2016 16:02
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] maintenance script with remote database


On Sep 28, 2016, at 10:34 AM, Morris, Andi 
> wrote:

Hi Louis,
That makes sense, but in practice I get errors when running this on a server 
that hasn’t had packetfence installed as there are calls to log4perl.pm files 
in the database-clearner.pl script.


You would need to edit it to fill in some variables, like the db name, username 
and password.
Don't be afraid to play with the script.
There's nothing really fancy in there.



Out of interest, what’s the danger of running this script from a packetfence 
server against a remote db server? Is it likely to cause an issue?


The issue is that it would have to copy the database over the network and dump 
the copy on the server you are running it from.
While that is doable, it is not really recommended.
You might end up saturating the link between those two servers during the dump.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] maintenance script with remote database

[Louis Munro]

On Sep 28, 2016, at 10:34 AM, Morris, Andi  wrote:Hi Louis,That makes sense, but in practice I get errors when running this on a server that hasn’t had packetfence installed as there are calls to log4perl.pm files in the database-clearner.pl script. You would need to edit it to fill in some variables, like the db name, username and password.Don't be afraid to play with the script. There's nothing really fancy in there.Out of interest, what’s the danger of running this script from a packetfence server against a remote db server? Is it likely to cause an issue?The issue is that it would have to copy the database over the network and dump the copy on the server you are running it from.While that is doable, it is not really recommended.You might end up saturating the link between those two servers during the dump.
Regards,--Louis Munrolmu...@inverse.ca  ::  www.inverse.ca +1.514.447.4918 x125  :: +1 (866) 353-6153 x125Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] maintenance script with remote database

[Morris, Andi]

Hi Louis,
That makes sense, but in practice I get errors when running this on a server 
that hasn’t had packetfence installed as there are calls to log4perl.pm files 
in the database-clearner.pl script.

Out of interest, what’s the danger of running this script from a packetfence 
server against a remote db server? Is it likely to cause an issue?

Cheers,
Andi

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 28 September 2016 14:26
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] maintenance script with remote database

Hi Andi,

The script will run but not backup the database if it's not running locally.
That is what the check for the `hostname`.pid does.

It will only backup the PF files that are present locally in that case.

I suggest you run that script on the database server itself.

The script does not send an email on it's own.
Cron may send one, depending on how it's configured.

Makes sense?


On Sep 27, 2016, at 9:14 AM, Morris, Andi 
> wrote:

Hi,
An update to this. It does seem to work well if the packetfence server is also 
running the mariadb service. Mine wasn’t as there’s no need for it if the 
database is on a remote server. Starting it meant that I could run the 
maintenance job and see the backups being created, aswell as the optimisation 
being run.

Would you like me to log this as an issue on github?

On a related note, I can see that issue 1415 
https://github.com/inverse-inc/packetfence/issues/1415 mentions an email that 
is generated when this script is run. I’ve never had that email. Is it 
something that should be sent to the user designated for PF alerts? If not, is 
there scope for this to be added as an option?

Cheers,
Andi


Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x authentication failed via windows AD

[Sarayuth Sarayuth]

Hi Fabrice,
Now I got it. Many thanks for your best effort.

The last one, I have a question about packetfence integrated with
firewall(Fortinet) for SSL VPN authentication.
Scenario:
I would like to create 2 user groups.
- Vendor group from packetfence local user source.
- Employees group from windows AD user group.

is it possible?
If possible, Can you please share the concept for this solution.

Thak you,
Sarayuth

On Wednesday, 28 September 2016, Fabrice Durand  wrote:

> Hi Sarayuth,
>
> this is exactly what you expected, your device match the wiredmacauth and
> because it's unreg then it is forwarded on the vlan 2 (reg vlan i suppose).
>
> So now if you correctly configure packetfence on the vlan 2 then the
> device will hit the portal.
>
> The next step is to be sure that in your null authentication source you
> define the rule catch_all that assign the Guest role and an access duration.
>
> Regards
>
> Fabrice
>
>
>
> Le 2016-09-27 à 23:39, Sarayuth Sarayuth a écrit :
>
> Hi Fabrice,
>
> Yes, So I attempt to uncheck Automatically register device and client show
> unreg status and obtain registration role not get Guest role on NULL
> source. the packetfence.log as below.
>
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key config::Switch in local
> cached_hash (pfconfig::cached::is_valid)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] handling
> radius autz request: from switch_ip => (192.168.1.254), connection_type =>
> WIRED_MAC_AUTH,switch_mac => (24:01:c7:3e:61:85), mac =>
> [70:5a:0f:85:9d:6a], port => 10005, username => "705a0f859d6a"
> (pf::radius::authorize)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key FilterEngine::Profile in local
> cached_hash (pfconfig::cached::is_valid)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key config::Profiles in local
> cached_hash (pfconfig::cached::is_valid)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Instantiate
> profile wiredmacauth (pf::Portal::ProfileFactory::_from_profile)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key resource::authentication_sources
> in local cached_hash (pfconfig::cached::is_valid)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key config::Pf in local cached_hash
> (pfconfig::cached::is_valid)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] is of status
> unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a]
> (192.168.1.254) Added VLAN 2 to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
> Sep 28 10:21:40 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a]
> (192.168.1.254) Added role registration to the returned RADIUS
> Access-Accept (pf::Switch::returnRadiusAccessAccept)
>
> Best Regards,
> Sarayuth
>
> On Wed, Sep 28, 2016 at 6:57 AM, Durand fabrice 
> wrote:
>
> Hi Sarayuth,
>
> did you check Automatically register device on the wiremacauth portal ?
> (if yes uncheck it)
>
> Regards
>
> Fabrice
>
>
>
> Le 2016-09-27 à 16:24, Sarayuth Sarayuth a écrit :
>
> Hi Fabrice,
> Please see the log result as below.
> Sep 28 02:38:14 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Connection
> type is WIRED_MAC_AUTH. Getting role from node_info
> (pf::role::getRegisteredRole)
> Sep 28 02:38:14 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Username was
> NOT defined or unable to match a role - returning node based role ''
> (pf::role::getRegisteredRole)
> Sep 28 02:38:14 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] PID:
> "default", Status: reg Returned VLAN: (undefined), Role:
>  (pf::role::fetchRoleForNode)
> Sep 28 02:38:14 httpd.aaa(6031) WARN: [mac:70:5a:0f:85:9d:6a] No parameter
> Vlan found in conf/switches.conf for the switch 192.168.1.254
> (pf::Switch::getVlanByName)
> Sep 28 02:38:15 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Updating
> locationlog from accounting request (pf::api::handle_accounting_metadata)
> Sep 28 02:42:49 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key config::Pf in local cached_hash
> (pfconfig::cached::is_valid)
> Sep 28 02:42:49 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key resource::stats_levels in local
> cached_hash (pfconfig::cached::is_valid)
> Sep 28 02:42:49 packetfence.pm(7715) INFO: Memory configuration is not
> valid anymore for key resource::stats_levels in local cached_hash
> (pfconfig::cached::is_valid)
> Sep 28 02:47:30 httpd.aaa(6031) INFO: [mac:70:5a:0f:85:9d:6a] Memory
> configuration is not valid anymore for key resource::stats_levels in local
> cached_hash 

Re: [PacketFence-users] 802.1x access without logging on

[Derek Wuelfrath]

Hello Will,

Real quick, I see some configurations that may be bogus.
Do you mind changing them and test again ?

First, are you missing the “WirelessEAP” condition ? I do not see it. Only the 
“Salon_Tablets”

Second, the “unregdate” parameter of the “NodeInfoForAutoReg” action is 
actually an “access_duration”. You might want to set a date.

Cheers!
-dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Sep 28, 2016, at 08:42, Will Halsall  wrote:
> 
> Hi Folks,
>  
>  
> I am trying to get a Samsung tablet to connect to our secure internet 802.1x 
> SSID and assign the role Internet without the user having to authenticate and 
> thought I would try Vlan filters to do this as follows without much success. 
> Can this be done?
>  
>  
> [Salon_Tablets]
> filter = node_info.mac
> operator = regex
> value = ^(34:14:5f:de:f1:3f)
>  
> [1:WirelessEAP_Tablets]
> scope = AutoRegister
> role = Internet
>  
> [2:WirelessEAP_Tablets]
> scope = NodeInfoForAutoReg
> role = Internet
> action = modify_node
> action_param = mac = $mac, status = reg, unregdate = 12H, role = Internet
>  
>  
> This message is intended only for the use of the person(s) to 
> whom it is addressed, and may contain privileged and confidential 
> information. 
> If it has come to you in error, please contact the sender as soon as 
> possible, 
> and note that you must take no action based on the content, nor must you 
> copy, 
> distribute, or show the content to any other person. 
> 
> 
> In accordance with its legal obligations, Farnborough College of 
> Technology reserves the right to monitor the content of e-mails sent and 
> received, but will not do so routinely. 
> 
>  
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] maintenance script with remote database

[Louis Munro]

Hi Andi,

The script will run but not backup the database if it's not running locally.
That is what the check for the `hostname`.pid does. 

It will only backup the PF files that are present locally in that case.

I suggest you run that script on the database server itself.

The script does not send an email on it's own.
Cron may send one, depending on how it's configured.

Makes sense?


> On Sep 27, 2016, at 9:14 AM, Morris, Andi  wrote:
> 
> Hi,
> An update to this. It does seem to work well if the packetfence server is 
> also running the mariadb service. Mine wasn’t as there’s no need for it if 
> the database is on a remote server. Starting it meant that I could run the 
> maintenance job and see the backups being created, aswell as the optimisation 
> being run.
>  
> Would you like me to log this as an issue on github?
>  
> On a related note, I can see that issue 1415 
> https://github.com/inverse-inc/packetfence/issues/1415 
>  mentions an email 
> that is generated when this script is run. I’ve never had that email. Is it 
> something that should be sent to the user designated for PF alerts? If not, 
> is there scope for this to be added as an option?
>  
> Cheers,
> Andi
> 

Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] 802.1x access without logging on

[Will Halsall]

Hi Folks,


I am trying to get a Samsung tablet to connect to our secure internet 802.1x 
SSID and assign the role Internet without the user having to authenticate and 
thought I would try Vlan filters to do this as follows without much success. 
Can this be done?


[Salon_Tablets]
filter = node_info.mac
operator = regex
value = ^(34:14:5f:de:f1:3f)

[1:WirelessEAP_Tablets]
scope = AutoRegister
role = Internet

[2:WirelessEAP_Tablets]
scope = NodeInfoForAutoReg
role = Internet
action = modify_node
action_param = mac = $mac, status = reg, unregdate = 12H, role = Internet





This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Reregister if SSID is changing

[Tobias Friede]

Hi,

today I played a little bit wirh the rule set.

The following workflow to reproduce my Problem:

I have a portal page wich is registered to the SSID GAST-Dont-Use-It (It's
my testing WLAN).
I have a rule set for checking certificates (EAP-TLS) and for the SSID
"Fraunhofer-PF" which is my Internal WLAN.

If I connect a client, which is currently unregistered in PF to my GAST
WLAN, pf is presenting the portal and I can login with an internal user
which has assigned the role "guest".
After that, the vlan is changing from registration VLAN to my Guest VLAN.
Everything seems to be fine.

Now, the client is connecting to Fraunhofer-PF, ok looks good, the 802.1x
auth works and the vlan changes to my internal VLAN Now I move the
client back to the guest WiFI. In the PF interface (Auditing) I can see
that a news radius request is coming into PF, but PF sends back the
"Internal" VLAN not the registration VLAN :(

Source and Role doesn't change to guest.


Gruß
Tobias


2016-09-27 22:44 GMT+02:00 Tobias Friede :

>
> Hi Antoine,
>
>> There is a reevaluate happening every time a user connect to a SSID as
>> long as there is a new RADIUS request coming in.
>>
>  that's what I expected. My Aerohive and my Cisco WLC of course send a
> news Radius request... But pf doesn't reevaluate the acces, the old rule
> from the first connection persists.
>
>> Now for what you want to do, you could create a set of rules in your
>> source of authentication, AD I presume, and use the condition SSID. Send
>> back the role guest if the SSID is guest, or apply your normal rules if the
>> SSID is internal.
>>
> Yes, I have a rule for my WPA2 encrypted Wifi with 802.1x auth (no I don't
> use AD Auth, I use our client certificates from our Windows CA and make a
> EAP-TLS Authentification.)
> In that rule, I defined the appropriate SSID.
>
> currently I use the Internal Database for guest Users, but how can I
> configure a rule with internal users? Is it the "Legacy Source"? When I try
> to edit that rule, I get the following message:
> "Error! The file is not readable."
>
>
> Greetings
> Tobias
>
> On 09/21/2016 05:46 AM, Tobias Friede wrote:
>>
>> Hi,
>>
>> is it possible to reevaluate acces everytime, a client/user make a
>> reconnect on our wifi?
>>
>>
>> Greetings
>> Tobias
>>
>> 2016-09-02 11:36 GMT+02:00 Tobias Friede :
>>
>>> Hi,
>>>
>>> No one with an Idea how to fix my problem?
>>> Or is it better to use two packetfence servers, one for internal
>>> authentification and one for hotspot services?
>>>
>>> Greetings
>>> Tobias
>>>
>>> 2016-09-01 9:20 GMT+02:00 Tobias Friede :
>>> > Hi,
>>> >
>>> > I have the following problem. I have 2 SSIDs:
>>> > Guest and Internal.
>>> >
>>> > The Guest WiFi is OPEN an just secured with a captive page. The
>>> > internal is secured wit 802.1x EAP-TLS
>>> > If a user connects to the guest wifi and log in with a guest account,
>>> > our Aerohive APS and Cisco WLC will move them to the correct vLAN.
>>> > Everything seems to be fine. Unregistration via PF interface works
>>> > fine too, so CoA is working.
>>> >
>>> > But If a user moves to the internal WiFi, the VLAN doesn't change back
>>> > to the internal vLAN.
>>> > The client still remains in guest VLAN, I think, because the client is
>>> > registered for the guest user account.
>>> > Is there any solution to solve this?
>>> >
>>> >
>>> >
>>> > Greetings
>>> > Tobias
>>>
>>
>>
>>
>> --
>>
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Antoine amacheraamac...@inverse.ca  ::  www.inverse.ca +1.514.447.4918 x130  
>> :: +1 (866) 353-6153 x130
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
>> (www.packetfence.org)
>>
>>
>> 
>> --
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users