Re: [PacketFence-users] Installing PacketFence Help?

2017-07-12 Thread Durand fabrice via PacketFence-users

Hello Thomas,

Yes, it's possible to do that, just configure the SNAT interface in the network 
config.

This will enable NATing on the specific interface, but you will need to 
use the router IP as the default gateway on PacketFence.

Also I prefer Debian to CentOS (I do the Debian packaging) and I did a 
test for 7.2 with a Debian Jessie minimal install and didn't see any 
issue installing PacketFence.

Before you start to install on Debian, be sure that the server is able to 
reach the Internet and to resolve any FQDN.

Btw, give me all the steps you did.

Regards

Fabrice



On 2017-07-12 at 20:50, Thomas via PacketFence-users wrote:


I tried it, but still seem to be having the same issue.
I finally bit the bullet and went for CentOS, even though I’m a Debian 
guy.

I got the install to happen with 0 issues, went to go through the 
configuration steps and this is where I am now getting confused.

I want to set up PF as an inline device between my router and my switch

Internet --- Router --- PF --- Network

The way I understand the documentation is to set the connection 
between the router and PF as the management network, and the PF to 
Network connection as the Inline connection

However what I'd like to do, if possible, is add a third network to PF 
for the management.

Internet --- Router --- PF --- Network
                           --- Management

So the 3 interfaces I would end up with are Public Internet, Private 
LAN and Management

I hope this makes sense, and when I get some more free time, I'll go 
back to playing with Debian and see if I can get the installer to work 
on there as well


Thanks

From: jrouzier via PacketFence-users
Sent: Thursday, 13 July 2017 02:53
To: packetfence-users@lists.sourceforge.net
Cc: jrouzier
Subject: Re: [PacketFence-users] Installing PacketFence Help?

Thomas,

It looks like there is a package missing

Try this and let me know.

apt-get install libclass-xsaccessor-perl

On 2017-07-11 6:01 PM, Thomas via PacketFence-users wrote:

Hey team

I'm trying to install packetfence on a VM and I keep running into
issue after issue
I have tried to fix a few of them, but just keep hitting walls.

Can I get some help with installing it on my system.

I am installing it on a XenServer VM, happy to provide specs if
required


Here are the steps I have taken

First I installed Debian 8, updated everything and started the
install instructions from here
https://packetfence.org/doc/PacketFence_Administration_Guide.html
The first problem I kept running into was getting the key from
keys.gnupg.net (kept timing out)
I fixed this by pinging the server and using the IP that it
returned rather than the domain
(Although the domain worked fine this last time I did it while
writing these notes)

The next problem is when downloading what I assume is the
FingerBank Database
fingerbank_Upstream.db, always times out with the error
“curl: (18) transfer closed with 719998577 bytes remaining to read”
I have managed to fix it by going into
/var/lib/dpkg/info/fingerbank.postinst
and changing the curl command to the following
curl -o $FINGERBANK/db/fingerbank_Upstream.db https://fingerbank.inverse.ca/api/v1/download?key=${_APIKEY} --compressed
This allows it to shrink the file enough to download it.
(From approx 1.5GB to 382MB)

This is where I am up to with Debian 8

first comes a long list of errors similar to this
insserv: warning: current start runlevel(s) (empty) of script
`freeradius' overrides LSB defaults (2 3 4 5).

insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of
script `freeradius' overrides LSB defaults (0 1 6).

Then
Could not write namespace config::
Could not write namespace interfaces
Quite a few lines of this

Followed by a few lines of
BEGIN failed--compilation aborted at
/usr/local/pf/lib/pf/dal/iterator.pm line 19.

Compilation failed in require at /usr/local/pf/lib/pf/dal.pm line 25.

And finally
Job for packetfence-httpd.admin.service failed.

Full PasteBin Here
https://pastebin.com/ygpJ43nk

I have tried Debian 7 as well, and gotten different errors
(Can't remember which off the top of my head, but I can redo it if
you need logs)

And the Virtual Appliance (OVF) file Imports fine into my VM
Then hangs on
A start job is running for dev-mapp...100.device
I have left it for half an hour which I know is excessive but
nothing changed

I know it's a lot going on, and I feel like I’m missing an
important step causing all these errors during install.
Any help would be appreciated.

Thanks
Tom







Re: [PacketFence-users] Installing PacketFence Help?

2017-07-12 Thread Thomas via PacketFence-users

I tried it, but still seem to be having the same issue.
I finally bit the bullet and went for CentOS, even though I’m a Debian guy.

I got the install to happen with 0 issues, went to go through the configuration 
steps and this is where I am now getting confused.

I want to set up PF as an inline device between my router and my switch

Internet --- Router --- PF --- Network

The way I understand the documentation is to set the connection between the 
router and PF as the management network, and the PF to Network connection as 
the Inline connection

However what I'd like to do, if possible, is add a third network to PF for the 
management.

Internet --- Router --- PF --- Network
                           --- Management

So the 3 interfaces I would end up with are Public Internet, Private LAN and 
Management

I hope this makes sense, and when I get some more free time, I'll go back to 
playing with Debian and see if I can get the installer to work on there as well

Thanks


From: jrouzier via PacketFence-users
Sent: Thursday, 13 July 2017 02:53
To: packetfence-users@lists.sourceforge.net
Cc: jrouzier
Subject: Re: [PacketFence-users] Installing PacketFence Help?

Thomas,
It looks like there is a package missing
Try this and let me know.
apt-get install libclass-xsaccessor-perl

On 2017-07-11 6:01 PM, Thomas via PacketFence-users wrote:
Hey team

I'm trying to install packetfence on a VM and I keep running into issue after 
issue
I have tried to fix a few of them, but just keep hitting walls.

Can I get some help with installing it on my system.
I am installing it on a XenServer VM, happy to provide specs if required

Here are the steps I have taken 
 
First I installed Debian 8, updated everything and started the install 
instructions from here
https://packetfence.org/doc/PacketFence_Administration_Guide.html
The first problem I kept running into was getting the key from keys.gnupg.net 
(kept timing out)
I fixed this by pinging the server and using the IP that it returned rather 
than the domain
(Although the domain worked fine this last time I did it while writing these 
notes)

The next problem is when downloading what I assume is the FingerBank Database
fingerbank_Upstream.db, always times out with the error 
“curl: (18) transfer closed with 719998577 bytes remaining to read”
I have managed to fix it by going into 
/var/lib/dpkg/info/fingerbank.postinst
and changing the curl command to the following
curl -o $FINGERBANK/db/fingerbank_Upstream.db https://fingerbank.inverse.ca/api/v1/download?key=${_APIKEY} --compressed
This allows it to shrink the file enough to download it.
(From approx 1.5GB to 382MB)
This is where I am up to with Debian 8

first comes a long list of errors similar to this
insserv: warning: current start runlevel(s) (empty) of script `freeradius' 
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script 
`freeradius' overrides LSB defaults (0 1 6).

Then 
Could not write namespace config::
Could not write namespace interfaces
Quite a few lines of this

Followed by a few lines of
BEGIN failed--compilation aborted at /usr/local/pf/lib/pf/dal/iterator.pm line 
19.
Compilation failed in require at /usr/local/pf/lib/pf/dal.pm line 25.

And finally
Job for packetfence-httpd.admin.service failed.

Full PasteBin Here
https://pastebin.com/ygpJ43nk

I have tried Debian 7 as well, and gotten different errors
(Can't remember which off the top of my head, but I can redo it if you need logs)

And the Virtual Appliance (OVF) file Imports fine into my VM
Then hangs on 
A start job is running for dev-mapp...100.device
I have left it for half an hour which I know is excessive but nothing changed 

I know it's a lot going on, and I feel like I’m missing an important step 
causing all these errors during install.
Any help would be appreciated.

Thanks
Tom





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




Re: [PacketFence-users] DLINK DGS3100

2017-07-12 Thread Durand fabrice via PacketFence-users

Hello Alessandro,

Your issue happens when PacketFence tries to deauth.

Can you check in pfqueue.log for deauth issues?

Regards

Fabrice



On 2017-07-12 at 04:05, Alessandro Canella via PacketFence-users wrote:


Hello All,

I’m developing a solution with PF ZEN and a Dlink DGS3100 
infrastructure in OOB scenario.


I’ve got some trouble finding the correct syntax: registration VLAN is 
OK, auth on captive works fine, but at least, redirect on correct VLAN 
doesn’t happen.


Note that other tests work fine (if I put in force auth same ports I 
go to production network and so on)


Someone got ideas?





Re: [PacketFence-users] email registration always remains status "incomplete"

2017-07-12 Thread Durand fabrice via PacketFence-users

Hello MJ,

When it happens, can you check in the database just after the duration 
has been extended?

select * from node where mac='9c:2a:70:31:9b:9f';


Regards
Fabrice

On 2017-07-12 at 10:18, mj via PacketFence-users wrote:

Hi,

Let me rephrase this question, and also add some log evidence.

PacketFence correctly sets an expiration date for email registrations 
in the captive portal, but nevertheless already unregs the devices 
after 20 minutes, despite setting the correct unreg date.


Let me show you what happens:

Around 08:49, a user registers, and the reg email is sent:
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] User 
u...@externaldomain.com has authenticated on the portal. 
(Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] new activation code 
successfully generated (pf::activation::create)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile 
default (pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] Email sent to 
u...@externaldomain.com (ourdomain.com: Email activation required) 
(pf::activation::try {...} )


Then at 08:52 the activation code is verified:

./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile 
default (pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] [9c:2a:70:31:9b:9f] 
Activation code sent to email u...@externaldomain.com from 
u...@externaldomain.com successfully verified.  for activation type: 
guest (pf::activation::validate_code)
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration 
to 2017-08-10 08:49:53 
(captiveportal::PacketFence::Controller::Activate::Email::code)


and registration duration is correctly extended to 2017-08-10. 
Everything seems correct.


HOWEVER 18 minutes later, at 09:10:

./pfmon.log.1:Jul 11 09:10:23 pf pfmon: pfmon(6242) INFO: 
[mac:unknown] modified 9c:2a:70:31:9b:9f from status 'reg' to 'unreg' 
based on unregdate colum (pf::node::nodes_maintenance)


./packetfence.log.1:Jul 11 09:10:23 pf packetfence_httpd.webservices: 
httpd.webservices(6101) INFO: [mac:9c:2a:70:31:9b:9f] stated changed, 
adapting firewall rules for proper enforcement 
(pf::inline::performInlineEnforcement)
./packetfence.log.1:Jul 11 09:10:23 pf packetfence_httpd.webservices: 
httpd.webservices(6101) INFO: [mac:9c:2a:70:31:9b:9f] Flushed 
connections for 10.19.235.15. (pf::ipset::iptables_unmark_node)


And the node is unreg again. :-(

The user tries again at 09:40:

./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] User 
u...@externaldomain.com has authenticated on the portal. 
(Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] new activation code 
successfully generated (pf::activation::create)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile 
default (pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Email sent to 
u...@externaldomain.com (ourdomain.com: Email activation required) 
(pf::activation::try {...} )
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] User 
u...@externaldomain.com has authenticated on the portal. 
(Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) WARN: [mac:9c:2a:70:31:9b:9f] Calling match with 
empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)


the activation link is verified again:

./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile 
default (pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] [9c:2a:70:31:9b:9f] 
Activation code sent to email u...@externaldomain.com from 
u...@externaldomain.com successfully verified.  for activation type: 
guest (pf::activation::validate_code)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration 
to 2017-08-10 09:40:24 
(captiveportal::PacketFence::Controller::Activate::Email::code)


and duration 
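
Added example, not part of the original messages and not PacketFence code: the correlation mj does by hand above, flagging a pfmon 'reg' to 'unreg' change that lands before the unregdate the portal logged for the same MAC. The log lines are constructed from the ones quoted in the thread (rejoined onto single lines), and the year passed to the parser is an assumption because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample: three of the wrapped log lines quoted above, rejoined
# onto single lines as they would appear in the files on disk.
SAMPLE_LOG = r"""
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration to 2017-08-10 08:49:53 (captiveportal::PacketFence::Controller::Activate::Email::code)
./pfmon.log.1:Jul 11 09:10:23 pf pfmon: pfmon(6242) INFO: [mac:unknown] modified 9c:2a:70:31:9b:9f from status 'reg' to 'unreg' based on unregdate colum (pf::node::nodes_maintenance)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration to 2017-08-10 09:40:24 (captiveportal::PacketFence::Controller::Activate::Email::code)
""".strip().splitlines()

STAMP = r"(?P<stamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"
MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
EXTEND_RE = re.compile(
    STAMP + r" .*\[mac:(?P<mac>" + MAC + r")\] Extending duration to "
    r"(?P<until>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)
UNREG_RE = re.compile(
    STAMP + r" .*modified (?P<mac>" + MAC + r") from status 'reg' to 'unreg' "
    r"based on unregdate"
)


def parse_events(lines, year):
    """Turn log lines into (time, kind, mac, until) tuples sorted by time.

    Syslog stamps carry no year, so the caller supplies it (assumption).
    Lines grepped from several files are not guaranteed to be in time order,
    hence the sort.
    """
    events = []
    for line in lines:
        for kind, regex in (("extend", EXTEND_RE), ("unreg", UNREG_RE)):
            m = regex.search(line)
            if not m:
                continue
            when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
            until = None
            if kind == "extend":
                until = datetime.strptime(m["until"], "%Y-%m-%d %H:%M:%S")
            events.append((when, kind, m["mac"].lower(), until))
    return sorted(events, key=lambda e: e[0])


def find_premature_unregs(lines, year=2017):
    """Flag each pfmon unreg that happens before the unregdate most recently
    logged by the portal for the same MAC."""
    promised = {}   # mac -> (time the extension was logged, promised unregdate)
    findings = []
    for when, kind, mac, until in parse_events(lines, year):
        if kind == "extend":
            promised[mac] = (when, until)
            continue
        entry = promised.pop(mac, None)   # node is unreg now; forget the promise
        if entry and when < entry[1]:
            logged_at, promised_until = entry
            findings.append({
                "mac": mac,
                "unreg_at": when,
                "promised_until": promised_until,
                "seconds_after_extension": int((when - logged_at).total_seconds()),
                "days_early": (promised_until - when).days,
            })
    return findings


if __name__ == "__main__":
    for f in find_premature_unregs(SAMPLE_LOG):
        print(f"{f['mac']} unregistered {f['unreg_at']}, "
              f"{f['days_early']} days before {f['promised_until']} "
              f"({f['seconds_after_extension']} s after the extension was logged)")
```

A hit like the one in the sample points at the value pfmon read from the unregdate column, which is what the `select * from node` query in the reply checks directly.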

Re: [PacketFence-users] why is my radius working? :-)

2017-07-12 Thread Durand fabrice via PacketFence-users

Hello Mourik,

It's completely normal, you have to think that winbind and LDAP are 
different.

When you join the PacketFence server to the domain it means that you can 
do 802.1x PEAP auth, but if you create an AD authentication source on 
PacketFence then you can't do 802.1x (the AD authentication source is LDAP 
and can be used for the portal).

But it doesn't mean that creating an AD source is useless, let's take a 
few examples.

1: You have an open SSID and define a connection profile that matches on 
the SSID name and assign the AD source in this connection profile. So 
when you hit the portal you will AUTHENTICATE on the AD source with 
your credentials and compute the rules to have the role and the 
unregdate. (ldap bind)

2: You have a secure SSID and define a connection profile that matches on 
the SSID name and assign the AD source in this connection profile. So 
when you hit the portal you will compute the rules to have the role 
and the unregdate. (ldap bind). In this case the AUTHENTICATION is made 
in freeradius (winbind) and freeradius just asks PacketFence for the VLAN.

So what happens in your case is example 2: freeradius does 
your user and host authentication, but after that you have to define a 
connection profile that matches the SSID and add AD sources (user and 
machine) that will be able to compute the rules.

So for example create 2 AD sources, one for machine auth (user 
attribute: servicePrincipalName) and another one for user auth (user 
attribute: sAMAccountName), then add them to your connection profile.

After that create your rules in the AD source, for example in the 
AD machine source a catch_all rule that assigns a role machine and an 
access duration of 1 week, and create a catch_all rule in the AD user source 
that returns the REJECT role and an access duration of 1 hour.

So machine auth will work but user auth will be REJECT.

It's sometimes a little bit complex to understand but once you catch it 
it will be trivial to configure.


Regards
Fabrice

On 2017-07-11 at 08:58, mourik jan heupink wrote:

Hi Fabrice,

Thanks for your answer!

On 07/11/2017 02:07 AM, Durand fabrice via PacketFence-users wrote:
When you start your computer , before login with your user account 
the device authenticate with the machine account. (this is what you 
configured on the device).
Yes, this I understand. And this is what I expect with usersource 
CN=Computers,DC=ad,DC=company,DC=com and with username set to 
servicePrincipalName


With that usersource, I would expect only machine account 
authentications to work. But machines AND users (are in 
CN=Users,...) both work.
It probably works because the machine auth worked on the first time 
(i need logs to verify that).


But after the user logged on, the USER is authenticated, as can be 
seen from the logs:


Jul 10 19:42:00 pf auth[1892]: (48) Login OK: 
[host/P002507.ad.company.com] (from client a.b.c.248 port 134 cli 
2c:41:38:90:68:8f via TLS tunnel)
Jul 10 19:42:00 pf auth[1892]: (49) Login OK: 
[host/P002507.ad.company.com] (from client a.b.c.248 port 134 cli 
2c:41:38:90:68:8f)
Jul 10 19:42:13 pf auth[1892]: rlm_rest (rest): Closing connection 
(6): Hit idle_timeout, was idle for 71 seconds
Jul 10 19:42:13 pf auth[1892]: Need 1 more connections to reach min 
connections (3)
Jul 10 19:42:13 pf auth[1892]: rlm_rest (rest): Opening additional 
connection (8), 1 of 62 pending slots used
Jul 10 19:42:13 pf auth[1892]: rlm_sql (sql): Closing connection (8): 
Hit idle_timeout, was idle for 71 seconds
Jul 10 19:42:13 pf auth[1892]: Need 1 more connections to reach min 
connections (3)
Jul 10 19:42:13 pf auth[1892]: rlm_sql (sql): Opening additional 
connection (10), 1 of 62 pending slots used
Jul 10 19:42:13 pf auth[1892]: (58)   Login OK: [DOMAIN\username] 
(from client a.b.c.248 port 134 cli 2c:41:38:90:68:8f via TLS tunnel)
Jul 10 19:42:13 pf auth[1892]: (59) Login OK: [DOMAIN\username] (from 
client a.b.c.248 port 134 cli 2c:41:38:90:68:8f)


So PacketFence seems to be able to authenticate both users and 
machines. (both PacketFence and the workstation have been rebooted)



I need to check the config you did. (profiles.conf, authentication.conf)


I will provide them below, though I don't see how the contents of 
profiles.conf is relevant..?


Curious to your findings!


root@pf:/usr/local/pf/conf# cat profiles.conf
#
# Copyright (C) 2005-2017 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
logo=/common/packetfence.jpg
redirecturl=https://www.company.com
always_use_redirecturl=enabled
login_attempt_limit=5
sources=company-ad-users,email
access_registration_when_registered=enabled
#
# Copyright (C) 2005-2017 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
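
Added example, not part of the original messages and not PacketFence or freeradius code: a parser for the `Login OK` lines quoted above that separates machine logins (`host/...`) from user logins per calling-station MAC and names the AD source attribute the reply gives for each kind. The log lines are constructed from the ones in the thread (rejoined onto single lines); treating any identity that does not start with `host/` as a user is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: the freeradius lines quoted above, rejoined onto single lines.
SAMPLE_AUTH_LOG = r"""
Jul 10 19:42:00 pf auth[1892]: (48) Login OK: [host/P002507.ad.company.com] (from client a.b.c.248 port 134 cli 2c:41:38:90:68:8f via TLS tunnel)
Jul 10 19:42:00 pf auth[1892]: (49) Login OK: [host/P002507.ad.company.com] (from client a.b.c.248 port 134 cli 2c:41:38:90:68:8f)
Jul 10 19:42:13 pf auth[1892]: rlm_rest (rest): Closing connection (6): Hit idle_timeout, was idle for 71 seconds
Jul 10 19:42:13 pf auth[1892]: (58)   Login OK: [DOMAIN\username] (from client a.b.c.248 port 134 cli 2c:41:38:90:68:8f via TLS tunnel)
Jul 10 19:42:13 pf auth[1892]: (59) Login OK: [DOMAIN\username] (from client a.b.c.248 port 134 cli 2c:41:38:90:68:8f)
""".strip().splitlines()

LOGIN_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d{1,2} [\d:]{8}) .*?Login OK: \[(?P<identity>[^\]]+)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+) "
    r"cli (?P<mac>[0-9A-Fa-f:]{17})(?P<inner> via TLS tunnel)?\)"
)


def classify_identity(identity):
    """Return (kind, lookup_attribute, bare_name) for a RADIUS User-Name.

    Machine accounts show up as host/<fqdn>; anything else is treated as a
    user (assumption). The attribute names are the ones the reply above
    suggests for the machine and user AD sources.
    """
    if identity.lower().startswith("host/"):
        return "machine", "servicePrincipalName", identity
    bare = identity.split("\\")[-1].split("@")[0]   # DOMAIN\user or user@realm
    return "user", "sAMAccountName", bare


def logins_by_mac(lines):
    """Group successful logins by calling-station MAC.

    In the sample every login is logged twice, once for the inner tunnel and
    once for the outer request; the 'via TLS tunnel' copy is skipped so each
    login is counted once.
    """
    result = defaultdict(list)
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m or m["inner"]:
            continue
        kind, attribute, name = classify_identity(m["identity"])
        result[m["mac"].lower()].append(
            {"time": m["stamp"], "kind": kind, "attribute": attribute, "name": name}
        )
    return dict(result)


def macs_with_machine_and_user(lines):
    """MACs on which both a machine account and a user account authenticated."""
    return sorted(
        mac for mac, logins in logins_by_mac(lines).items()
        if {"machine", "user"} <= {entry["kind"] for entry in logins}
    )


if __name__ == "__main__":
    for mac, logins in logins_by_mac(SAMPLE_AUTH_LOG).items():
        for entry in logins:
            print(mac, entry["time"], entry["kind"], entry["name"],
                  "-> source keyed on", entry["attribute"])
```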


Re: [PacketFence-users] Recommended Linux Distro for PF

2017-07-12 Thread Antoine Amacher via PacketFence-users

Hello Steve,

CentOS is our "main" distribution we use, so we would recommend this one.

Thanks


On 07/12/2017 03:56 PM, Steve Allen via PacketFence-users wrote:

Hello All

I've followed PacketFence for awhile now but never had enough time to 
put it into a production network.


I'm hoping to do this in the very near future and my first question is 
related to the OS to choose.


Based on your own experiences which Linux distro would you recommend; 
CentOS or Debian?


Is one more stable/reliable than the other?

Is one easier to maintain/update PF?

Any insight would be helpful.

Thanks

--

*Steve Allen*
*SJA Networks*

Email: steve.al...@sjanetworks.co.uk 


Mobile: 07500 008196




This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they 
are addressed. If you have received this email in error please notify 
the sender and then delete your copy of the email.


The views expressed in this email are the views of the individual and 
may not reflect the views of SJA Networks.







--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)



[PacketFence-users] Recommended Linux Distro for PF

2017-07-12 Thread Steve Allen via PacketFence-users
Hello All

I've followed PacketFence for awhile now but never had enough time to put
it into a production network.

I'm hoping to do this in the very near future and my first question is
related to the OS to choose.

Based on your own experiences which Linux distro would you recommend;
CentOS or Debian?

Is one more stable/reliable than the other?

Is one easier to maintain/update PF?

Any insight would be helpful.

Thanks

-- 

*Steve Allen*
*SJA Networks*

Email: steve.al...@sjanetworks.co.uk
Mobile: 07500 008196



Re: [PacketFence-users] Adding One Time Password (OTP) to captive portal

2017-07-12 Thread jrouzier via PacketFence-users

Nicolas,

You are welcome.

The captiveportal uses a challenge to support OTP from sources.

The default template for displaying the challenge is challenge.html.

The only field that is required for the challenge is a password.

To better understand the work flow of the challenge you can also look at

/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication/Login.pm


On 2017-07-12 10:45 AM, Nicolás Catalani via PacketFence-users wrote:

Thanks for the quick response!
I understand. I'm going to try with these options and see what I can get.
Another question: when the captive portal shows up, it has two fields: 
one for user and one for password. Is there a template for OTP or do I 
need to modify the html file and the logic behind this?


Thanks

2017-07-12 11:32 GMT-03:00 jrouzier via PacketFence-users:


Nicolas,

If your OTP implementation uses RADIUS just setup your Captive
portal to use a radius authentication source and it should work.
If not then you would need to create a new
pf::Authentication::Source you can use
/usr/local/pf/lib/pf/Authentication/Source/RADIUSSource.pm as a
reference.


On 2017-07-12 10:24 AM, Nicolás Catalani via PacketFence-users wrote:

Hi colleagues!

We have implemented PacketFence and it works great! But now we
would like to add a captive portal for wireless access using
OTP. The thing is we have our own OTP development. Is it possible
to add this to authenticate a user? How can we get this done?

Regards!


-- 
Nicolas Catalani.





--
Nicolas Catalani.




Re: [PacketFence-users] Installing PacketFence Help?

2017-07-12 Thread jrouzier via PacketFence-users

Thomas,

It looks like there is a package missing

Try this and let me know.

apt-get install libclass-xsaccessor-perl


On 2017-07-11 6:01 PM, Thomas via PacketFence-users wrote:


Hey team

I'm trying to install packetfence on a VM and I keep running into issue 
after issue

I have tried to fix a few of them, but just keep hitting walls.

Can I get some help with installing it on my system.

I am installing it on a XenServer VM, happy to provide specs if required


Here are the steps I have taken

First I installed Debian 8, updated everything and started the install 
instructions from here

https://packetfence.org/doc/PacketFence_Administration_Guide.html
The first problem I kept running into was getting the key from 
keys.gnupg.net (kept timing out)
I fixed this by pinging the server and using the IP that it returned 
rather than the domain
(Although the domain worked fine this last time I did it while writing 
these notes)


The next problem is when downloading what I assume is the FingerBank 
Database

fingerbank_Upstream.db, always times out with the error
“curl: (18) transfer closed with 719998577 bytes remaining to read”
I have managed to fix it by going into
/var/lib/dpkg/info/fingerbank.postinst
and changing the curl command to the following
curl -o $FINGERBANK/db/fingerbank_Upstream.db https://fingerbank.inverse.ca/api/v1/download?key=${_APIKEY} --compressed

This allows it to shrink the file enough to download it.
(From approx 1.5GB to 382MB)

This is where I am up to with Debian 8

first comes a long list of errors similar to this
insserv: warning: current start runlevel(s) (empty) of script 
`freeradius' overrides LSB defaults (2 3 4 5).


insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script 
`freeradius' overrides LSB defaults (0 1 6).


Then
Could not write namespace config::
Could not write namespace interfaces
Quite a few lines of this

Followed by a few lines of
BEGIN failed--compilation aborted at 
/usr/local/pf/lib/pf/dal/iterator.pm line 19.


Compilation failed in require at /usr/local/pf/lib/pf/dal.pm line 25.

And finally
Job for packetfence-httpd.admin.service failed.

Full PasteBin Here
https://pastebin.com/ygpJ43nk

I have tried Debian 7 as well, and gotten different errors
(Can't remember which off the top of my head, but I can redo it if you 
need logs)


And the Virtual Appliance (OVF) file Imports fine into my VM
Then hangs on
A start job is running for dev-mapp...100.device
I have left it for half an hour which I know is excessive but nothing 
changed


I know it's a lot going on, and I feel like I’m missing an important 
step causing all these errors during install.

Any help would be appreciated.

Thanks
Tom





Re: [PacketFence-users] Adding One Time Password (OTP) to captive portal

2017-07-12 Thread Nicolás Catalani via PacketFence-users
Thanks for the quick response!
I understand. I'm going to try with these options and see what I can get.
Another question: when the captive portal shows up, it has two fields: one
for user and one for password. Is there a template for OTP or do I need to
modify the html file and the logic behind this?

Thanks

2017-07-12 11:32 GMT-03:00 jrouzier via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> Nicolas,
>
> If your OTP implementation uses RADIUS just setup your Captive portal to
> use a radius authentication source and it should work.
> If not then you would need to create a new pf::Authentication::Source
> you can use /usr/local/pf/lib/pf/Authentication/Source/RADIUSSource.pm as
> a reference.
>
> On 2017-07-12 10:24 AM, Nicolás Catalani via PacketFence-users wrote:
>
> Hi colleagues!
>
> We have implemented PacketFence and it works great! But now we would like
> to add a captive portal for wireless access using OTP. The thing is we
> have our own OTP development. Is it possible to add this to authenticate a
> user? How can we get this done?
>
> Regards!
>
>
> --
> Nicolas Catalani.
>


-- 
Nicolas Catalani.


Re: [PacketFence-users] Machine authentication

2017-07-12 Thread luca comes via PacketFence-users
Hi Fabrice,

I solved my problem. You put me on the right way; I was making an error in the 
base DN where PF was searching for machine names. I really thank you.


Luca


Sent from Outlook



From: luca comes via PacketFence-users 
Sent: Tuesday, 11 July 2017 11:36
To: packetfence-users@lists.sourceforge.net
Cc: luca comes
Subject: Re: [PacketFence-users] Machine authentication


Hello Fabrice,

I will test your suggestion, but how can I obtain the machine password? As far 
as I know it's written inside an encrypted portion of the registry. I'm trying 
to reset it with netdom but I'm not sure it can help.


Luca


Sent from Outlook



From: Durand fabrice via PacketFence-users 
Sent: Tuesday, 11 July 2017 01:55
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] Machine authentication


Hello Luca,


You need to test this source with a machine account (UserPrincipalName), not a 
user account (sAMAccountName); this is why it failed.


Try that:
/usr/local/pf/bin/pftest authentication host/LAB3-NB.dm.loc reallystrongpassword DM_Machine_Auth_PDC

Also capture the LDAP traffic from the PacketFence server (something like that: 
tshark -i eth0 -f "port 389" -w /tmp/ldap.pcap) and analyse the ldap.pcap file 
under Wireshark.
Regards
Fabrice

On 2017-07-10 at 09:50, luca comes wrote:

It's really strange Fabrice,

because if I try it from the GUI it tells me success, but if I try from pftest 
it doesn't work (perhaps I'm wrong with the command):


[root@pfnac01 ~]#/usr/local/pf/bin/pftest authentication ldapuser  
DM_Machine_Auth_PDC

Testing authentication for "ldapuser"

Authenticating against DM_Machine_Auth_PDC
  Authentication FAILED against DM_Machine_Auth_PDC (Invalid login or password)
  Did not match against DM_Machine_Auth_PDC for 'authentication' rules
  Did not match against DM_Machine_Auth_PDC for 'administration' rules


But both the rules and the roles are defined:


authentication.conf:


[DM_Machine_Auth_PDC]
description=Domain Machine Authentication
password=
scope=sub
binddn=CN=ldapuser,OU=DMGROUP,DC=dm,DC=loc
basedn=OU=DMGROUP,DC=dm,DC=loc
email_attribute=mail
usernameattribute=ServicePrincipalName
connection_timeout=5
stripped_user_name=yes
encryption=none
dynamic_routing_module=AuthModule
port=389
type=AD
host=dc2dm.dm.loc

[DM_Machine_Auth_PDC rule prova]
description=
class=authentication
match=all
action0=set_access_duration=1h
action1=set_role=Dipendenti

roles.conf

[Dipendenti]
notes=Accesso VLAN 167
max_nodes_per_pid=2

[Dipendenti_2]
notes=Accesso VLAN 251
max_nodes_per_pid=2

[Test]
notes=Accesso VLAN 20
max_nodes_per_pid=1

[MAR]
notes=Machine Auth
max_nodes_per_pid=1




Sent from Outlook



From: Fabrice Durand 
Sent: Monday, 10 July 2017 15:30
To: luca comes; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Machine authentication


Your issue is with the DM_Machine_Auth_PDC source.

Verify that you are able to bind with this source.

Also you can use pftest.


On 2017-07-10 at 09:24, luca comes wrote:

Hi Fabrice,

yes, I was checking the debug and I saw it. In the attached packetfence.log I 
can see ERROR: [mac:00:9c:02:92:ea:b0] Error binding 'Connection reset by peer' 
(pf::LDAP::bind) but the domain join is still working with wbinfo -u for example.


Luca


Sent from Outlook



From: Fabrice Durand 
Sent: Monday, 10 July 2017 15:06
To: luca comes; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Machine authentication


The machine authentication is ok this time.

Do you have the packetfence.log for this device ?


On 2017-07-10 at 08:58, luca comes wrote:

Hello Fabrice,

attached you can find radius debug file of the transaction.


Thanks


Luca


Sent from Outlook



From: Fabrice Durand 
Sent: Monday, 10 July 2017 14:48
To: luca comes; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Machine authentication


Hello Luca,

you need to have the realm to use the correct domain join.


Also, what I need is the complete RADIUS debug when you try machine 
authentication.

Regards

Fabrice


On 2017-07-10 at 08:45, luca comes wrote:

Hi Fabrice,

in this manner the error is not shown in radius.log but machine authentication 
is still not working. Also as the preceding email the domain (DM) is correctly 

Re: [PacketFence-users] Adding One Time Password (OTP) to captive portal

2017-07-12 Thread jrouzier via PacketFence-users

Nicolas,

If your OTP implementation uses RADIUS, just set up your captive portal to 
use a RADIUS authentication source and it should work.
If not, then you would need to create a new pf::Authentication::Source; 
you can use /usr/local/pf/lib/pf/Authentication/Source/RADIUSSource.pm 
as a reference.



On 2017-07-12 10:24 AM, Nicolás Catalani via PacketFence-users wrote:

Hi colleagues!

We have implemented PacketFence and it works great! But now we would 
like to add a captive portal for wireless access using OTP. The thing 
is, we have our own OTP development. Is it possible to add this to 
authenticate a user? How can we get this done?


Regards!


--
Nicolas Catalani.
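
What the RADIUS route suggested above looks like on the wire, as an added example (not PacketFence code and not part of the original thread): the one-time code typed into the portal's password field travels as a PAP User-Password attribute, and the in-house OTP service answers Accept or Reject. That the source uses PAP, the `verify_otp` callback, and all names and sample values are assumptions.

```python
# Added example, not PacketFence code: an OTP carried over RADIUS PAP (RFC 2865).
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def _pap(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else res
        out += res
    return out


def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, username, otp, secret):
    """Client side: what a RADIUS authentication source would send (PAP assumed)."""
    authenticator = os.urandom(16)
    raw = otp.encode()
    padded = raw.ljust(max(16, -(-len(raw) // 16) * 16), b"\x00")
    attrs = _attr(USER_NAME, username.encode())
    attrs += _attr(USER_PASSWORD, _pap(padded, secret, authenticator, False))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attributes(packet):
    """Return {type: value}; reject truncated packets and malformed TLVs."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def handle_request(packet, secret, verify_otp):
    """Server side: recover the OTP, ask the in-house checker, sign the reply."""
    attrs = parse_attributes(packet)
    hidden = attrs.get(USER_PASSWORD, b"")
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    code = _pap(hidden, secret, packet[4:20], True).rstrip(b"\x00").decode(errors="replace")
    ok = bool(hidden) and len(hidden) % 16 == 0 and verify_otp(user, code)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, packet[1], 20)
    return header + hashlib.md5(header + packet[4:20] + secret).digest()


def reply_is_authentic(reply, request, secret):
    """Client side: check the Response Authenticator before trusting the verdict."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

PAP hiding protects the code only with the shared secret, so the secret between the portal and the OTP server needs to be long and random.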
​​





[PacketFence-users] Adding One Time Password (OTP) to captive portal

2017-07-12 Thread Nicolás Catalani via PacketFence-users
Hi colleagues!

We have implemented PacketFence and it works great! But now we would like
to add a captive portal for wireless access using OTP. The thing is, we
have our own OTP development. Is it possible to add this to authenticate a
user? How can we get this done?

Regards!


-- 
Nicolas Catalani.
​​


Re: [PacketFence-users] email registration always remains status "incomplete"

2017-07-12 Thread mj via PacketFence-users

Hi,

Let me rephrase this question, and also add some log evidence.

Packetfence correctly sets an expiration date for email registrations in 
the captive portal, but nevertheless already unregs the devices after 20 
minutes, despite setting the correct unreg date.


Let me show you what happens:

Around 08:49, a user registers, and the reg email is sent:

./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] User u...@externaldomain.com 
has authenticated on the portal. (Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] new activation code 
successfully generated (pf::activation::create)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal: 
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] Email sent to 
u...@externaldomain.com (ourdomain.com: Email activation required) 
(pf::activation::try {...} )


Then at 08:52 the activation code is verified:


./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] [9c:2a:70:31:9b:9f] Activation 
code sent to email u...@externaldomain.com from u...@externaldomain.com 
successfully verified.  for activation type: guest 
(pf::activation::validate_code)
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration to 
2017-08-10 08:49:53 
(captiveportal::PacketFence::Controller::Activate::Email::code)


and registration duration is correctly extended to 2017-08-10. 
Everything seems correct.


HOWEVER 18 minutes later, at 09:10:


./pfmon.log.1:Jul 11 09:10:23 pf pfmon: pfmon(6242) INFO: [mac:unknown] 
modified 9c:2a:70:31:9b:9f from status 'reg' to 'unreg' based on unregdate 
colum (pf::node::nodes_maintenance)

./packetfence.log.1:Jul 11 09:10:23 pf packetfence_httpd.webservices: 
httpd.webservices(6101) INFO: [mac:9c:2a:70:31:9b:9f] stated changed, adapting 
firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
./packetfence.log.1:Jul 11 09:10:23 pf packetfence_httpd.webservices: 
httpd.webservices(6101) INFO: [mac:9c:2a:70:31:9b:9f] Flushed connections for 
10.19.235.15. (pf::ipset::iptables_unmark_node)


And the node is unreg again. :-(

The user tries again at 09:40:


./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] User u...@externaldomain.com 
has authenticated on the portal. (Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] new activation code 
successfully generated (pf::activation::create)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Email sent to 
u...@externaldomain.com (ourdomain.com: Email activation required) 
(pf::activation::try {...} )
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] User u...@externaldomain.com 
has authenticated on the portal. (Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal: 
httpd.portal(6084) WARN: [mac:9c:2a:70:31:9b:9f] Calling match with 
empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)


the activation link is verified again:


./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] [9c:2a:70:31:9b:9f] Activation 
code sent to email u...@externaldomain.com from u...@externaldomain.com 
successfully verified.  for activation type: guest 
(pf::activation::validate_code)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: 
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration to 
2017-08-10 09:40:24 
(captiveportal::PacketFence::Controller::Activate::Email::code)


and duration is once again extended to August 10. And this time, it 
seems to have worked, as this date/time also shows up in the pf GUI.


So, the second reg attempt works, first reg attempt doesn't.

In the PF GUI, under reports, "all 
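
One way to surface the pattern reported above across many nodes, as an added example (not PacketFence code and not part of the original post): pair each "Extending duration to" line with any later pfmon unreg for the same MAC and report the ones that fire before the logged expiry. The sample lines are constructed in the quoted format with invented MAC addresses, and the function names and the `year` parameter are assumptions.

```python
# Added example, not PacketFence code: flag nodes that pfmon unregistered
# before the expiry the portal had just logged for them.
import re
from datetime import datetime

STAMP = re.compile(r"([A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) ")
EXTEND = re.compile(r"\[mac:([0-9a-f:]{17})\] Extending duration to "
                    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
UNREG = re.compile(r"modified ([0-9a-f:]{17}) from status 'reg' to 'unreg'")

# Constructed sample in the format quoted above (wrapped lines rejoined,
# MAC addresses invented). Syslog stamps carry no year, so it is passed in.
SAMPLE = """\
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal: httpd.portal(6084) INFO: [mac:00:11:22:33:44:55] Extending duration to 2017-08-10 08:49:53 (captiveportal::PacketFence::Controller::Activate::Email::code)
./packetfence.log.1:Jul 11 09:00:00 pf packetfence_httpd.portal: httpd.portal(6084) INFO: [mac:66:77:88:99:aa:bb] Extending duration to 2017-07-11 10:00:00 (captiveportal::PacketFence::Controller::Activate::Email::code)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal: httpd.portal(6084) INFO: [mac:00:11:22:33:44:55] Extending duration to 2017-08-10 09:40:24 (captiveportal::PacketFence::Controller::Activate::Email::code)
./pfmon.log.1:Jul 11 09:10:23 pf pfmon: pfmon(6242) INFO: [mac:unknown] modified 00:11:22:33:44:55 from status 'reg' to 'unreg' based on unregdate colum (pf::node::nodes_maintenance)
./pfmon.log.1:Jul 11 10:01:00 pf pfmon: pfmon(6242) INFO: [mac:unknown] modified 66:77:88:99:aa:bb from status 'reg' to 'unreg' based on unregdate colum (pf::node::nodes_maintenance)
"""


def parse_events(lines, year):
    """Turn grep output from packetfence.log and pfmon.log into sorted events."""
    events = []
    for line in lines:
        stamp = STAMP.search(line)
        if not stamp:
            continue  # continuation of a wrapped line, or unrelated text
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        ext, unreg = EXTEND.search(line), UNREG.search(line)
        if ext:
            until = datetime.strptime(ext.group(2), "%Y-%m-%d %H:%M:%S")
            events.append((when, "extend", ext.group(1), until))
        elif unreg:
            events.append((when, "unreg", unreg.group(1), None))
    # grep lists one file after the other, so order by time before correlating
    return sorted(events, key=lambda e: e[0])


def premature_unregs(lines, year):
    """Return (mac, unreg_time, promised_expiry) for unregs before the expiry."""
    promised, findings = {}, []
    for when, kind, mac, until in parse_events(lines, year):
        if kind == "extend":
            promised[mac] = until
        elif mac in promised and when < promised[mac]:
            findings.append((mac, when, promised[mac]))
    return findings


if __name__ == "__main__":
    for mac, when, until in premature_unregs(SAMPLE.splitlines(), 2017):
        print(f"{mac}: unreg at {when} but portal logged expiry {until}")
```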

Re: [PacketFence-users] Unable to view the web configuration page after installation

2017-07-12 Thread Louis Munro via PacketFence-users

Hi,

> On Jul 12, 2017, at 02:57, Muralidhar BG  
> wrote:
> 
> 
> Where in the documentation does it say that?
> 
> 
> Link: 
> https://packetfence.org/doc/PacketFence_Administration_Guide.html#_system_requirements
>  
> 
> 
> Under section 3.1: 
> "In this guide, we assume that all those components are running on the same 
> server (i.e., "localhost" or "127.0.0.1") that PacketFence will be installed 
> on.


Mmm...
That is somewhat ambiguous, I admit.
This is meant to indicate that while in some configurations the services may be 
decoupled and run on separate servers/VMs, for the purposes of the guide they 
are assumed to all run on the same host.
You are not meant to install them. Installing the packetfence package will take 
care of that as you have found.



>> 
>> What I have observed is that if I do not install these dependencies before, 
>> the packetfence package installs them. But then again I get an error 
>> message with mysql after installation (as mentioned in my initial email)
> 
> That is the point of using a package manager such as yum.
> 
> 
> I understand how a package manager works. But the problem I am facing is 
> starting the mysql instance once packetfence is installed. I used the command:
> 
> $ sudo systemctl start mysqld
> 
> I got the following error: Failed to start mysqld.service: Unit is masked.
> 
> What is the first thing I need to do right after installing packetfence to 
> view the web configuration page?


You don't have to start mysql.
Just start configuring by logging on to the configurator web app at 
https://$HOST:1443/ 

See section 9 here: 
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_configuration
 



Don't overthink this.
You are meant to just install the packetfence package.
Systemd will start the required services on its own.


Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


[PacketFence-users] Installing PacketFence Help?

2017-07-12 Thread Thomas via PacketFence-users
Hey team

I'm trying to install packetfence on a VM and I keep running into issue after 
issue.
I have tried to fix a few of them, but just keep hitting walls.

Can I get some help with installing it on my system?

I am installing it on a XenServer VM, happy to provide specs if required

Here are the steps I have taken 

First I installed Debian 8, updated everything and started the install 
instructions from here
https://packetfence.org/doc/PacketFence_Administration_Guide.html
The first problem I kept running into was getting the key from keys.gnupg.net 
(kept timing out)
I fixed this by pinging the server and using the IP that it returned rather 
than the domain
(Although the domain worked fine this last time I did it while writing these 
notes)

The next problem is when downloading what I assume is the FingerBank Database
fingerbank_Upstream.db, it always times out with the error 
“curl: (18) transfer closed with 719998577 bytes remaining to read”
I have managed to fix it by going into 
/var/lib/dpkg/info/fingerbank.postinst
and changing the curl command to the following
curl -o $FINGERBANK/db/fingerbank_Upstream.db https://fingerbank.inverse.ca/api/v1/download?key=${_APIKEY} --compressed
This allows it to shrink the file enough to download it.
(From approx 1.5GB to 382MB)

This is where I am up to with Debian 8

first comes a long list of errors similar to this
insserv: warning: current start runlevel(s) (empty) of script `freeradius' 
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script 
`freeradius' overrides LSB defaults (0 1 6).

Then 
Could not write namespace config::
Could not write namespace interfaces
Quite a few lines of this

Followed by a few lines of
BEGIN failed--compilation aborted at /usr/local/pf/lib/pf/dal/iterator.pm line 
19.
Compilation failed in require at /usr/local/pf/lib/pf/dal.pm line 25.

And finally
Job for packetfence-httpd.admin.service failed.

Full PasteBin Here
https://pastebin.com/ygpJ43nk

I have tried Debian 7 as well, and gotten different errors
(Can't remember which off the top of my head, but I can redo it if you need logs)

And the Virtual Appliance (OVF) file Imports fine into my VM
Then hangs on 
A start job is running for dev-mapp...100.device
I have left it for half an hour which I know is excessive but nothing changed 

I know it's a lot going on, and I feel like I'm missing an important step 
causing all these errors during install.
Any help would be appreciated.

Thanks
Tom



Re: [PacketFence-users] Unable to view the web configuration page after installation

2017-07-12 Thread Muralidhar BG via PacketFence-users
On Tue, Jul 11, 2017 at 5:20 PM, Louis Munro  wrote:

>
>
> On Jul 11, 2017, at 00:38, Muralidhar BG via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello,
>
> I want to understand something. According to the documentation I should
> have apache, dhcp, mysql (or mariadb) and freeradius installed and
> configured before trying to install packetfence. If I install packetfence
> after installing these dependencies I get an error message (during
> installation) relating to mysql stating there is a conflict.
>
>
>
> Where in the documentation does it say that?
>
>
Link:
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_system_requirements

Under section 3.1:
"In this guide, we assume that all those components are running on the same
server (i.e., "localhost" or "127.0.0.1") that PacketFence will be
installed on.

Good understanding of those underlying component and GNU/Linux is required
to install PacketFence. If you miss some of those required components,
please refer to the appropriate documentation and proceed with the
installation of these requirements before continuing with this guide."

>
> What I have observed is that if I do not install these dependencies before,
> the packetfence package installs them. But then again I get an error
> message with mysql after installation (as mentioned in my initial email)
>
>
> That is the point of using a package manager such as yum.
>
>
I understand how a package manager works. But the problem I am facing is
starting the mysql instance once packetfence is installed. I used the
command:

$ sudo systemctl start mysqld

I got the following error: Failed to start mysqld.service: Unit is masked.

What is the first thing I need to do right after installing packetfence to
view the web configuration page?

>
>
> PS: packetfence expects Firewall, SELinux, AppArmor, resolvconf to be
> disabled. But once I launch a CentOS instance in Amazon it does not have
> firewall, AppArmor and resolvconf. Is that okay?
>
>
> I haven't tried it on an Amazon instance.
> I assume it depends on what AMI you chose.
>
> The bottom line is that SELinux interferes with some of the fancier
> features of PF, and PF intends to manage the firewall rules by hand (e.g.
> using the iptables command and not firewalld).
>
>
> Regards,
> --
> Louis Munro
> lmu...@inverse.ca  ::  www.inverse.ca
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>



-- 
Regards,
*Muralidhar B.G,*
*Backend Developer,*
www.cumulations.com | M: +91 9886851676


[PacketFence-users] DLINK DGS3100

2017-07-12 Thread Alessandro Canella via PacketFence-users
Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in an OOB 
scenario.

I'm having some trouble finding the correct syntax: the registration VLAN is OK, auth on 
captive works fine, but at last, the redirect to the correct VLAN doesn't happen.

Note that other tests work fine (if I put the same ports in force auth I go to the 
production network and so on)


Does anyone have ideas?