date:20171003

[PacketFence-users] Packetfence missing snort config

2017-10-03 Thread kam thang via PacketFence-users

Hi Guys,

I'm planning to enable snort on packetfence but when i look for the snort
conf in packetfence on the location /usr/local/pf/var/conf ... i couldn't
find the snort.conf anywhere can you please help...

OS: CentOS7 64bit
Packetfence : yum installed packetfence-release-1.2-5.1.noarch.rpm

Snort installed 2.9.9.0


Thanks,
Kam
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal certificate

2017-10-03 Thread Luís Torres via PacketFence-users

 

Fabrice, 

my bad..., the crt and key was not correctly exported.


Followed this procudure from de .pfx and it worked like you said:


ake the file you exported (e.g. certname.pfx) and copy it to a system
where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12
format and includes both the certificate and the private key. 

Run the
following command to export the private key: openssl pkcs12 -in
certname.pfx -nocerts -out key.pem -nodes
Run the following command to
export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out
cert.pem
Run the following command to remove the passphrase from the
private key: openssl rsa -in key.pem -out server.key 

Thanks 

Em
2017-10-03 14:54, Fabrice Durand via PacketFence-users escreveu: 

> You
probably did a mistake with the concatenated certificate. 
> 
> Is there
any empty lines in the file ? 
> 
> Le 2017-10-03 à 09:48, Luís Torres
via PacketFence-users a écrit : 
> 
>> Hi Fabrice, 
>> 
>> Just did
that, restarted the haproxy but the result was : 
>> 
>> ERROR
pfcmd.pl(50729): pf::services::manager::haproxy=HASH(0xade6b0)->name
died or has failed to start (pf::services::manager::postStartCleanup)

>> 
>> the service HAproxy wont start 
>> 
>> regards 
>> 
>> LT 
>>

>> Em 2017-10-03 14:13, Fabrice Durand via PacketFence-users escreveu:

>> 
>>> In fact haproxy terminate the ssl tunnel so you don't have to
change the ssl-certificates.conf file. 
>>> 
>>> This file is just use
for the admin interface now and not the portal anymore. 
>>> 
>>> So
just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate files)

>>> 
>>> cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key >
conf/ssl/server.pem 
>>> 
>>> Regards 
>>> 
>>> Fabrice 
>>> 
>>> Le
2017-10-03 à 05:25, Luís Torres via PacketFence-users a écrit : 
>>>

 thank you Fabrice, 
 
 The ssl-certificates.conf should be
like this as well? : 
 
 _SSLCERTIFICATECHAINFILE
%%INSTALL_DIR%%/CONF/SSL/SERVER.PEM_ 
 
 cheers 
 
 Em
2017-10-02 23:49, Durand fabrice via PacketFence-users escreveu: 


> Hello Luís, 
> 
> you need to concatenate the
certificates like that: 
> 
> cat conf/ssl/server.crt
conf/ssl/server.key > conf/ssl/server.pem 
> 
> and restart
haproxy 
> 
> Regards 
> 
> Fabrice 
> 
> Le
2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit : 
>

>> Hi, 
>> 
>> to stop the cert error on the captive
portal, its only need to change it on ssl-certificates.conf to point to
the correct ones? 
>> 
>> thanks 
>> 
>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>

>> ___
>>
PacketFence-users mailing list
>>
PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>

>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>

> ___
>
PacketFence-users mailing list
>
PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]



--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]


 ___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>

>>> -- 
>>> Fabrice Durand
>>> fdur...@inverse.ca :: +1.514.447.4918
(x135) :: www.inverse.ca [3]
>>> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5])

>>> 
>>>
--
>>>
Check out the vibrant tech community on one of the world's most
>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>> 
>>>
___
>>> PacketFence-users
mailing list
>>> PacketFence-users@lists.sourceforge.net
>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>

>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>> 
>>
___
>> PacketFence-users
mailing list
>> PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>

Re: [PacketFence-users] radius | node remains unreg

2017-10-03 Thread lists via PacketFence-users



On 3-10-2017 15:11, Fabrice Durand via PacketFence-users wrote:

you can create a connection profile based on the connection type
Ethernet-EAP and activate autoregistration on it.


Perfect!

Worked like a charm! :-)

Thanks Fabrice

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal certificate

2017-10-03 Thread Luís Torres via PacketFence-users

 

did directly from a pfx 

_OPENSSL PKCS12 -IN INFRA.PFX -OUT
SERVER.PEM_ 

no empty lines. 

But using crt and key > pem 

it as
empty lines 

_SSL# CAT INFRA.CRT INFRA.KEY > INFRA.PEM_ 

LT 

Em
2017-10-03 14:54, Fabrice Durand via PacketFence-users escreveu: 

> You
probably did a mistake with the concatenated certificate. 
> 
> Is there
any empty lines in the file ? 
> 
> Le 2017-10-03 à 09:48, Luís Torres
via PacketFence-users a écrit : 
> 
>> Hi Fabrice, 
>> 
>> Just did
that, restarted the haproxy but the result was : 
>> 
>> ERROR
pfcmd.pl(50729): pf::services::manager::haproxy=HASH(0xade6b0)->name
died or has failed to start (pf::services::manager::postStartCleanup)

>> 
>> the service HAproxy wont start 
>> 
>> regards 
>> 
>> LT 
>>

>> Em 2017-10-03 14:13, Fabrice Durand via PacketFence-users escreveu:

>> 
>>> In fact haproxy terminate the ssl tunnel so you don't have to
change the ssl-certificates.conf file. 
>>> 
>>> This file is just use
for the admin interface now and not the portal anymore. 
>>> 
>>> So
just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate files)

>>> 
>>> cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key >
conf/ssl/server.pem 
>>> 
>>> Regards 
>>> 
>>> Fabrice 
>>> 
>>> Le
2017-10-03 à 05:25, Luís Torres via PacketFence-users a écrit : 
>>>

 thank you Fabrice, 
 
 The ssl-certificates.conf should be
like this as well? : 
 
 _SSLCERTIFICATECHAINFILE
%%INSTALL_DIR%%/CONF/SSL/SERVER.PEM_ 
 
 cheers 
 
 Em
2017-10-02 23:49, Durand fabrice via PacketFence-users escreveu: 


> Hello Luís, 
> 
> you need to concatenate the
certificates like that: 
> 
> cat conf/ssl/server.crt
conf/ssl/server.key > conf/ssl/server.pem 
> 
> and restart
haproxy 
> 
> Regards 
> 
> Fabrice 
> 
> Le
2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit : 
>

>> Hi, 
>> 
>> to stop the cert error on the captive
portal, its only need to change it on ssl-certificates.conf to point to
the correct ones? 
>> 
>> thanks 
>> 
>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>

>> ___
>>
PacketFence-users mailing list
>>
PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>

>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>

> ___
>
PacketFence-users mailing list
>
PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]



--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]


 ___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>

>>> -- 
>>> Fabrice Durand
>>> fdur...@inverse.ca :: +1.514.447.4918
(x135) :: www.inverse.ca [3]
>>> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5])

>>> 
>>>
--
>>>
Check out the vibrant tech community on one of the world's most
>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>> 
>>>
___
>>> PacketFence-users
mailing list
>>> PacketFence-users@lists.sourceforge.net
>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>

>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>> 
>>
___
>> PacketFence-users
mailing list
>> PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
> 
>
-- 
> Fabrice Durand
> fdur...@inverse.ca :: +1.514.447.4918 (x135) ::
www.inverse.ca [3]
> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5]) 
>

>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
> 
>
___
> PacketFence-users

Re: [PacketFence-users] Captive Portal certificate

2017-10-03 Thread Fabrice Durand via PacketFence-users

You probably did a mistake with the concatenated certificate.

Is there any empty lines in the file ?


Le 2017-10-03 à 09:48, Luís Torres via PacketFence-users a écrit :
>
> Hi Fabrice,
>
>  
>
> Just did that, restarted the haproxy but the result was :
>
>  
>
> ERROR pfcmd.pl(50729):
> pf::services::manager::haproxy=HASH(0xade6b0)->name died or has failed
> to start (pf::services::manager::postStartCleanup)
>
>  
>
> the service HAproxy wont start
>
>  
>
> regards
>
> LT
>
>  
>
> Em 2017-10-03 14:13, Fabrice Durand via PacketFence-users escreveu:
>
>> In fact haproxy terminate the ssl tunnel so you don't have to change
>> the ssl-certificates.conf file.
>>
>> This file is just use for the admin interface now and not the portal
>> anymore.
>>
>> So just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate
>> files)
>>
>> cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key > conf/ssl/server.pem
>>
>> Regards
>>
>> Fabrice
>>
>>  
>>
>>
>> Le 2017-10-03 à 05:25, Luís Torres via PacketFence-users a écrit :
>>>
>>> thank you Fabrice,
>>>
>>>  
>>>
>>> The ssl-certificates.conf should be like this as well? :
>>>
>>>  
>>>
>>> */SSLCertificateChainFile %%install_dir%%/conf/ssl/server.pem/*
>>>
>>>  
>>>
>>>  
>>>
>>> cheers
>>>
>>>  
>>>
>>> Em 2017-10-02 23:49, Durand fabrice via PacketFence-users escreveu:
>>>
>>> Hello Luís,
>>>
>>> you need to concatenate the certificates like that:
>>>
>>> cat conf/ssl/server.crt conf/ssl/server.key > conf/ssl/server.pem
>>>
>>> and restart haproxy
>>>
>>>  
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>  
>>>
>>>
>>> Le 2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit :
>>>
>>> Hi,
>>>
>>>  
>>>
>>> to stop the cert error on the captive portal, its only need
>>> to change it on ssl-certificates.conf to point to the
>>> correct ones?
>>>
>>>  
>>>
>>> thanks
>>>
>>>  
>>>
>>>
>>> 
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>> 
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> 
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>  
>>>
>>>  
>>>
>>>
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> -- 
>> Fabrice Durand
>> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org) 
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>  
>
>  
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list

Re: [PacketFence-users] Captive Portal certificate

2017-10-03 Thread Luís Torres via PacketFence-users

 

Hi Fabrice, 

Just did that, restarted the haproxy but the result
was : 

ERROR pfcmd.pl(50729):
pf::services::manager::haproxy=HASH(0xade6b0)->name died or has failed
to start (pf::services::manager::postStartCleanup) 

the service HAproxy
wont start 

regards 

LT 

Em 2017-10-03 14:13, Fabrice Durand via
PacketFence-users escreveu: 

> In fact haproxy terminate the ssl tunnel
so you don't have to change the ssl-certificates.conf file. 
> 
> This
file is just use for the admin interface now and not the portal anymore.

> 
> So just do that: (MyCERT.crt and MyPRIVKEY.key are your
certificate files) 
> 
> cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key
> conf/ssl/server.pem 
> 
> Regards 
> 
> Fabrice 
> 
> Le 2017-10-03 à
05:25, Luís Torres via PacketFence-users a écrit : 
> 
>> thank you
Fabrice, 
>> 
>> The ssl-certificates.conf should be like this as well?
: 
>> 
>> _SSLCERTIFICATECHAINFILE %%INSTALL_DIR%%/CONF/SSL/SERVER.PEM_

>> 
>> cheers 
>> 
>> Em 2017-10-02 23:49, Durand fabrice via
PacketFence-users escreveu: 
>> 
>>> Hello Luís, 
>>> 
>>> you need to
concatenate the certificates like that: 
>>> 
>>> cat
conf/ssl/server.crt conf/ssl/server.key > conf/ssl/server.pem 
>>> 
>>>
and restart haproxy 
>>> 
>>> Regards 
>>> 
>>> Fabrice 
>>> 
>>> Le
2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit : 
>>>

 Hi, 
 
 to stop the cert error on the captive portal, its
only need to change it on ssl-certificates.conf to point to the correct
ones? 
 
 thanks 
 

--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]


 ___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>

>>>
--
>>>
Check out the vibrant tech community on one of the world's most
>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>> 
>>>
___
>>> PacketFence-users
mailing list
>>> PacketFence-users@lists.sourceforge.net
>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>

>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>> 
>>
___
>> PacketFence-users
mailing list
>> PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
> 
>
-- 
> Fabrice Durand
> fdur...@inverse.ca :: +1.514.447.4918 (x135) ::
www.inverse.ca [3]
> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5]) 
>

>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
> 
>
___
> PacketFence-users
mailing list
> PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]




Links:
--
[1] http://sdm.link/slashdot
[2]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[3]
http://www.inverse.ca
[4] http://www.sogo.nu
[5] http://packetfence.org
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal certificate

2017-10-03 Thread Fabrice Durand via PacketFence-users

In fact haproxy terminate the ssl tunnel so you don't have to change the
ssl-certificates.conf file.

This file is just use for the admin interface now and not the portal
anymore.

So just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate files)

cat conf/ssl/MyCERT.crt conf/ssl/MyPRIVKEY.key > conf/ssl/server.pem

Regards

Fabrice



Le 2017-10-03 à 05:25, Luís Torres via PacketFence-users a écrit :
>
> thank you Fabrice,
>
>  
>
> The ssl-certificates.conf should be like this as well? :
>
>  
>
> */SSLCertificateChainFile %%install_dir%%/conf/ssl/server.pem/*
>
>  
>
>  
>
> cheers
>
>  
>
> Em 2017-10-02 23:49, Durand fabrice via PacketFence-users escreveu:
>
>> Hello Luís,
>>
>> you need to concatenate the certificates like that:
>>
>> cat conf/ssl/server.crt conf/ssl/server.key > conf/ssl/server.pem
>>
>> and restart haproxy
>>
>>  
>>
>> Regards
>>
>> Fabrice
>>
>>  
>>
>>
>> Le 2017-10-02 à 10:57, Luís Torres via PacketFence-users a écrit :
>>>
>>> Hi,
>>>
>>>  
>>>
>>> to stop the cert error on the captive portal, its only need to
>>> change it on ssl-certificates.conf to point to the correct ones?
>>>
>>>  
>>>
>>> thanks
>>>
>>>  
>>>
>>>
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>  
>
>  
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] radius | node remains unreg

2017-10-03 Thread Fabrice Durand via PacketFence-users

Hello Mj,

you can create a connection profile based on the connection type
Ethernet-EAP and activate autoregistration on it.

Regards

Fabrice



Le 2017-10-03 à 05:37, lists via PacketFence-users a écrit :
> Hi,
>
> We have an pf-inline wifi-segment with a captive portal, and also a
> pf-out-of-band wired network, where we have enabled 802.1x / radius
> authentication for our windows workstations.
>
> We authenticate using the workstation account first, and then change
> to the logged-in user account. This works nicely, but with one
> problem: the windows workstations remains state "unreg" after a
> successful authentication, so from the workstations point of view,
> nothing seems to work.
>
> When we manually change the node MAC status to "reg" in packetfence,
> everything starts working perfectly.
>
> How can we make automate the nodes becomes "reg"-ged, when a windows
> workstations authenticates using 802.1x PEAP? Surely this must be a
> very simple solution / switch somewhere? :-)
>
> I tried creating a catch-all rule in our machines-authentication
> source, setting an access duration for 30 days, but I'm not sure if
> that is the correct approach. Also: this doesn't seem to have the
> desired effect or perhaps I need to restart something manually
> after changing that?
>
> MJ
>
> --
>
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal certificate

2017-10-03 Thread Luís Torres via PacketFence-users

 

thank you Fabrice, 

The ssl-certificates.conf should be like this
as well? : 

_SSLCERTIFICATECHAINFILE
%%INSTALL_DIR%%/CONF/SSL/SERVER.PEM_ 

cheers 

Em 2017-10-02 23:49,
Durand fabrice via PacketFence-users escreveu: 

> Hello Luís, 
> 
> you
need to concatenate the certificates like that: 
> 
> cat
conf/ssl/server.crt conf/ssl/server.key > conf/ssl/server.pem 
> 
> and
restart haproxy 
> 
> Regards 
> 
> Fabrice 
> 
> Le 2017-10-02 à 10:57,
Luís Torres via PacketFence-users a écrit : 
> 
>> Hi, 
>> 
>> to stop
the cert error on the captive portal, its only need to change it on
ssl-certificates.conf to point to the correct ones? 
>> 
>> thanks 
>>

>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>> 
>>
___
>> PacketFence-users
mailing list
>> PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
> 
>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
> 
>
___
> PacketFence-users
mailing list
> PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]




Links:
--
[1] http://sdm.link/slashdot
[2]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] radius | node remains unreg

2017-10-03 Thread lists via PacketFence-users


Hi,

We have an pf-inline wifi-segment with a captive portal, and also a 
pf-out-of-band wired network, where we have enabled 802.1x / radius 
authentication for our windows workstations.


We authenticate using the workstation account first, and then change to 
the logged-in user account. This works nicely, but with one problem: the 
windows workstations remains state "unreg" after a successful 
authentication, so from the workstations point of view, nothing seems to 
work.


When we manually change the node MAC status to "reg" in packetfence, 
everything starts working perfectly.


How can we make automate the nodes becomes "reg"-ged, when a windows 
workstations authenticates using 802.1x PEAP? Surely this must be a very 
simple solution / switch somewhere? :-)


I tried creating a catch-all rule in our machines-authentication source, 
setting an access duration for 30 days, but I'm not sure if that is the 
correct approach. Also: this doesn't seem to have the desired effect 
or perhaps I need to restart something manually after changing that?


MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence missing snort config

Re: [PacketFence-users] Captive Portal certificate

Re: [PacketFence-users] radius | node remains unreg

Re: [PacketFence-users] Captive Portal certificate

Re: [PacketFence-users] Captive Portal certificate

Re: [PacketFence-users] Captive Portal certificate

Re: [PacketFence-users] Captive Portal certificate

Re: [PacketFence-users] radius | node remains unreg

Re: [PacketFence-users] Captive Portal certificate

[PacketFence-users] radius | node remains unreg

10 matches

Site Navigation

Mail list logo

Footer information