Re: [PacketFence-users] unable to process payments

2018-04-18 Thread Dave Walsh via PacketFence-users

Hello,

I have enabled passthrough and I am redirected to 
test.authorize.net/gateway/transact.dll . I am not given an option to 
enter any credit card information.


--
Dave Walsh
Kingston Online Services
303 Bagot Street, Unit 16A
Kingston, ON
www.kos.net
613.549.8667 - Kingston Region
613.968.7137 - Belleville Region

On Wed, 18 Apr 2018, Fabrice Durand via PacketFence-users wrote:


Hello Dave,

you have to enable the passthrough in Packetfence in order to allow your
device in the registration vlan to reach the authorize.net web site.

Regards

Fabrice



On 2018-04-12 at 14:10, Dave Walsh via PacketFence-users wrote:

Hello,

I am running version 7.4.0 and I am unable to process credit cards.

I have setup my authorize.net account under Billing sources and
created billing tiers.

When I access the captive portal, I am prompted to enter the mandatory
fields, select a billing tier but I am not prompted to enter any
credit card information. When I click "Checkout on Authorize.net" it
tries to load the sandbox url for authorize.net. I have confirmed the
billing source does not have test mode enabled.

Did I miss something in my configuration so the captive portal would
have fields for credit card information and use the live URL for
authorize.net?

Thank you for your help,
Dave

--

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) 





[PacketFence-users] Not able to start snort

2018-04-18 Thread nilofer fatma via PacketFence-users
Hello All,

I am using packet fence 6.5.1. I am trying to start snort services in 
packetfence.

/usr/local/pf/bin/pfcmd service snort start

But snort is not starting up

I am attaching my packetfence.log file below. 

Please help me asap.



I have downloaded all the rules as well.

# wget https://www.snort.org/downloads/community/community-rules.tar.gz
# tar -xvf community-rules.tar.gz -C usr/local/pf/conf/rules
# wget https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=

Regards,

Nilofer Fatma


Re: [PacketFence-users] NO INTERNET Connection

2018-04-18 Thread nilofer fatma via PacketFence-users
Hello Fabrice,


I am attaching my networks.conf file below.

pf.conf:

[int eth0]
ip = 192.168.1.11
type=managerment
mask=255.255.255.0
gateway=192.168.1.2

[int eth0.2]
enforcement=inlinel2
ip=192.168.2.33
type=internal, monitor
mask=255.255.255.0



> On 18 Apr 2018, at 7:13 AM, Fabrice Durand via PacketFence-users wrote:
> 
> Hello Fatma,
> 
> probably a dns issue, can you paste your network.conf file.
> 
> Regards
> 
> Fabrice
> 
> 
> 
> On 2018-04-16 at 13:43, nilofer fatma via PacketFence-users wrote:
>> Hello all,
>> 
>> I have set-up packetfence 6.5.1 inline, with two interface management and 
>> inline interface.
>> 
>> After successful registration via captive portal. Packetfence is displaying 
>> message “Unable to detect network connectivity.Try restarting your web 
>> browser or opening a new tab to see if your access has been successfully 
>> enables”.
>> 
>> I can see my device as registered on the GUI -> registered. But I am not 
>> able to connect to internet. I have also enabled ipv4.ip_forward=1
>> 
>> [root@... ~]# more /etc/sysctl.conf
>> # Kernel sysctl configuration file for Red Hat Linux
>> #
>> # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
>> # sysctl.conf(5) for more details.
>> #
>> # Use '/sbin/sysctl -a' to list all possible parameters.
>> 
>> # Controls IP packet forwarding
>> net.ipv4.ip_forward = 1
>> I can also see my device under ipset -L.
>> Anybody has any idea where I am wrong? Please help.
>> Regards,
>> Nilofer Fatma
> 
> -- 
> Fabrice Durand
> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)


Re: [PacketFence-users] Bind PacketFence to Active Directory

2018-04-18 Thread Xav Tauran via PacketFence-users
 And my interface management is ens33.20. VLAN 20 is the management's VLAN
PacketFence run on a virtual machine on Centos 7, and I configured on this
virtual machine, only one interface : ens33.


see below :

[root@localhost ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

[root@localhost ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.200/24 brd 192.168.2.255 scope global ens33
   valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1f:777/64 scope link
   valid_lft forever preferred_lft forever
3: ens33.20@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.200/24 brd 192.168.20.255 scope global ens33.20
   valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1f:777/64 scope link
   valid_lft forever preferred_lft forever
4: ens33.30@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.200/24 brd 192.168.30.255 scope global ens33.30
   valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1f:777/64 scope link
   valid_lft forever preferred_lft forever
5: ens33.40@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.200/24 brd 192.168.40.255 scope global ens33.40
   valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1f:777/64 scope link
   valid_lft forever preferred_lft forever
6: ens33.50@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.200/24 brd 192.168.50.255 scope global ens33.50
   valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1f:777/64 scope link
   valid_lft forever preferred_lft forever
7: ens33.60@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.60.200/24 brd 192.168.60.255 scope global ens33.60
   valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1f:777/64 scope link
   valid_lft forever preferred_lft forever
8: virbr0:  mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:10:65:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
   valid_lft forever preferred_lft forever
9: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:10:65:62 brd ff:ff:ff:ff:ff:ff
22: S2008-b@if23:  mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 62:66:fe:c4:60:6c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.0.2/30 brd 169.254.0.3 scope global S2008-b
   valid_lft forever preferred_lft forever
inet6 fe80::6066:feff:fec4:606c/64 scope link
   valid_lft forever preferred_lft forever


[root@localhost ~]# ping 192.168.6.200
PING 192.168.6.200 (192.168.6.200) 56(84) bytes of data.
64 bytes from 192.168.6.200: icmp_seq=1 ttl=128 time=1.60 ms
64 bytes from 192.168.6.200: icmp_seq=2 ttl=128 time=0.535 ms
64 bytes from 192.168.6.200: icmp_seq=3 ttl=128 time=1.17 ms
64 bytes from 192.168.6.200: icmp_seq=4 ttl=128 time=0.739 ms
^C
--- 192.168.6.200 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 0.535/1.013/1.604/0.412 ms
[root@localhost ~]#

S2008 is the name of my Active Directory. This Active Directory is on a
virtual machine (working on Windows Server 2008).

Thank you for your help.

Regards,

Xavier


2018-04-18 14:38 GMT+02:00 Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> Ok so do you have ipv4_forward enabled (sysctl net.ipv4.ip_forward).
>
> Can you paste : ip a
>
> Does the dns 192.168.6.200 answer ?
> What is S2008 ?
>
>
> On 2018-04-18 at 08:33, Xav Tauran via PacketFence-users wrote:
>
> Hello Fabrice,
>
> Thank you for your answer !
> Yes I mean join PacketFence to my domain.
>
> See below the result :
> [root@localhost ~]# ip route get 192.168.6.200
> 192.168.6.200 via 192.168.2.254 dev ens33 src 192.168.2.200
> cache
> [root@localhost ~]#
>
> Regards,
>
> Xavier
>
>
> 2018-04-18 14:17 GMT+02:00 Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net>:
>
>> Hello Xav,
>>
>> When you say bind , 

Re: [PacketFence-users] Cisco 2960X Accounting Problems

2018-04-18 Thread Truax, Peter via PacketFence-users
Fabrice,

Thanks for writing back. I got it working using:

aaa accounting network default start-stop group packetfence
aaa accounting identity default start-stop group packetfence
aaa accounting dot1x default start-stop group packetfence

Regards,

Peter

From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, April 18, 2018 5:21 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand 
Subject: Re: [PacketFence-users] Cisco 2960X Accounting Problems


Hello Peter,

can you try to add :

aaa accounting dot1x default start-stop group packetfence

Regards

Fabrice

On 2018-04-12 at 16:54, Truax, Peter via PacketFence-users wrote:
Hello,

I am running PacketFence 7.4 and have a Cisco WS-C2960X-48-FPD-L configured 
according to the Admin Guide. Authentication, Dot1x, and MAB are all working 
normally. What I am having trouble with is the online/offline column in Nodes just 
showing "unknown" for clients attached to this switch. Is there a way to get 
the switch to provide PacketFence with the accounting info to make this change 
to the proper setting?

The switch is set with the following global commands:

aaa new-model
aaa group server radius packetfence
 server name netreg
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
aaa accounting network default start-stop group packetfence
aaa server radius dynamic-author
 client 10.0.1.44 server-key 7 08324D5C041000190604 port 3799
aaa session-id common
dot1x system-auth-control
radius server netreg
 address ipv4 10.0.1.44 auth-port 1812 acct-port 1813
 key 7 071C205E43001C0B031D


The following commands are set on each access interface

interface GigabitEthernet1/0/1
 switchport access vlan 90
 switchport mode access
 authentication host-mode multi-domain
 authentication order mab
 authentication priority mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 10800
 authentication timer restart 10800
 authentication violation replace
 mab
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 1
 spanning-tree portfast
!

Any help would be appreciated.

Thanks,

Peter Truax
Network Administrator
St. Martin's University



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
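
A configuration check for the fix reported at the top of this message, as an added example that is not part of the thread or of PacketFence: it parses an IOS configuration and reports which of the three accounting method lists from the working setup send records to the RADIUS group, and which accounting port each server in that group uses. The function names and `SAMPLE_CONFIG` are constructed for illustration; the three-type baseline is only what the poster reported as working, not a statement of which line is required.

```python
import re

# Constructed sample modelled on the global commands quoted in the thread.
# The RADIUS key lines are left out because the check does not need them.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius packetfence
 server name netreg
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
aaa accounting network default start-stop group packetfence
aaa session-id common
dot1x system-auth-control
radius server netreg
 address ipv4 10.0.1.44 auth-port 1812 acct-port 1813
"""

# Accounting types present in the configuration the poster reported as working.
EXPECTED_TYPES = ("network", "identity", "dot1x")

ACCT_RE = re.compile(
    r"aaa accounting (?P<type>\S+) (?P<list>\S+) "
    r"(?P<record>start-stop|stop-only|none)(?: broadcast)?(?: group (?P<group>\S+))?"
)


def parse(config):
    """Return (groups, servers, accounting) from an IOS configuration.

    Lines are stripped before matching, so the parser also accepts configs
    pasted into e-mail where the sub-command indentation was lost.
    """
    groups, servers, accounting = {}, {}, []
    ctx = None  # ("group", name) or ("server", name) while inside a block
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"aaa group server radius (\S+)$", line)
        if m:
            ctx = ("group", m.group(1))
            groups[m.group(1)] = []
            continue
        m = re.match(r"radius server (\S+)$", line)
        if m:
            ctx = ("server", m.group(1))
            servers[m.group(1)] = None
            continue
        m = re.match(r"server name (\S+)$", line)
        if m and ctx and ctx[0] == "group":
            groups[ctx[1]].append(m.group(1))
            continue
        m = re.match(r"address ipv4 \S+.*?\bacct-port (\d+)", line)
        if m and ctx and ctx[0] == "server":
            servers[ctx[1]] = int(m.group(1))
            continue
        if ctx and ctx[0] == "server" and line.startswith(("address ", "key ")):
            continue
        ctx = None  # any other line ends the current block
        m = ACCT_RE.match(line)
        if m:
            accounting.append(m.groupdict())
    return groups, servers, accounting


def audit(config, group="packetfence"):
    """Summarise which accounting method lists send records to `group`."""
    groups, servers, accounting = parse(config)
    sent = {
        a["type"]: a["record"]
        for a in accounting
        if a["group"] == group and a["record"] != "none"
    }
    return {
        "sent_to_group": sent,
        "missing": [t for t in EXPECTED_TYPES if t not in sent],
        # Explicitly configured acct-port per server in the group (None if unset).
        "acct_ports": {s: servers.get(s) for s in groups.get(group, [])},
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("accounting sent to group:", report["sent_to_group"])
    print("not configured:", report["missing"])
    print("accounting ports:", report["acct_ports"])
```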


Re: [PacketFence-users] Bind PacketFence to Active Directory

2018-04-18 Thread Xav Tauran via PacketFence-users
Hello Fabrice,

Thank you for your answer !
Yes I mean join PacketFence to my domain.

See below the result :
[root@localhost ~]# ip route get 192.168.6.200
192.168.6.200 via 192.168.2.254 dev ens33 src 192.168.2.200
cache
[root@localhost ~]#

Regards,

Xavier


2018-04-18 14:17 GMT+02:00 Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> Hello Xav,
>
> When you say bind , you mean join PacketFence to the domain ?
>
> Also what is your management interface and what is returned by : ip route
> get 192.168.6.200
>
> Regards
>
> Fabrice
>
>
>
> On 2018-04-18 at 03:39, Xav Tauran via PacketFence-users wrote:
>
> Hello,
>
> I made a mock-up to set up Packet Fence for a company. Attached, you
> will find a drawing of my mock-up with the different subnets, and VLAN
> configured on Packet Fence. I use a Stormshield Firewall, and a Cisco
> Switch which runs on GNS3.
> My Active Directory Server is on the subnet 192.168.6.0/24 and Packet
> Fence, installed on a virtual machine's Centos 7 (run under VMWARE), is on
> the subnet 192.168.2.0/24.
> Every device can be reached with a ping.
> My problem is when I want to bind Packet Fence to my Active Directory from
> the graphic interface. I have the same problem that this person, who has
> already posted a message on the support. (check on
> https://sourceforge.net/p/packetfence/mailman/message/36009451/) But the
> solution that the person give her, doesn't work for me... However I follow
> the instructions that this person gave him
>
> Can you help me please? :) I will give you all the information that you
> need !
>
> PS: Sorry for my English, I'm French
>
> Thank you.
>
> Kind regards,
>
> Xavier TAURAN
>
>
> --
> Fabrice Durand
> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)


Re: [PacketFence-users] unable to process payments

2018-04-18 Thread Fabrice Durand via PacketFence-users
Hello Dave,

you have to enable the passthrough in Packetfence in order to allow your
device in the registration vlan to reach the authorize.net web site.

Regards

Fabrice



On 2018-04-12 at 14:10, Dave Walsh via PacketFence-users wrote:
> Hello,
>
> I am running version 7.4.0 and I am unable to process credit cards.
>
> I have setup my authorize.net account under Billing sources and
> created billing tiers.
>
> When I access the captive portal, I am prompted to enter the mandatory
> fields, select a billing tier but I am not prompted to enter any
> credit card information. When I click "Checkout on Authorize.net" it
> tries to load the sandbox url for authorize.net. I have confirmed the
> billing source does not have test mode enabled.
>
> Did I miss something in my configuration so the captive portal would
> have fields for credit card information and use the live URL for
> authorize.net?
>
> Thank you for your help,
> Dave
>

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 




Re: [PacketFence-users] LDAP Source Problem

2018-04-18 Thread Fabrice Durand via PacketFence-users
Hello Nathan,

does the LDAP server have the password in clear text or in nthash format ?

If it's not the case then it will not work but if it's the case then it
will be similar to a freeradius edirectory configuration.

Regards

Fabrice



On 2018-04-06 at 10:35, Nathan, Josh via PacketFence-users wrote:
> OK, I tried defining my LDAP source separately in the mod-available
> section (and of course adding the sym link in mods-enabled).  Made
> sure the references within the packetfence-tunnel file had ldap
> enabled as well.  For what it's worth, I've also moved this to a
> test-bed running PacketFence 7.4.0.
>
> At this point, it seems to at least be attempting the LDAP
> authentication, but the radius logs show:
>
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: rlm_ldap (ldap): Bind
> with uid=adminuser,ou=Users,o=,dc=jumpcloud,dc=com to
> ldaps://ldap.jumpcloud.com:636 
> failed: Can't contact LDAP server
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: rlm_ldap (ldap):
> Opening connection failed (5)
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (79)   Invalid user:
> [josh.nathan] (from client 172.20.242.214/16
>  port 0 cli a8:7c:01:a2:60:6f via TLS
> tunnel)
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   This
> means you need to read the PREVIOUS messages in the debug output
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   to
> find out the reason why the user was rejected
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   Look
> for "reject" or "fail".  Those earlier messages will tell you
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   what
> went wrong, and how to fix the problem
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) Login incorrect
> (eap_peap: The users session was previously rejected: returning
> reject (again.)): [josh.nathan] (from client 172.20.242.214/16
>  port 0 cli a8:7c:01:a2:60:6f)
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]:
> [mac:a8:7c:01:a2:60:6f] Rejected user: josh.nathan
>
>
> Once again, the part that throws me off is that from the admin
> console, the test bind is successful using SSL.  So the message about
> not being able to contact the LDAP server is a little confusing to me.
>
> Any help with next direction to look?  I'm pretty new to trying to use
> LDAP at all, and am testing JumpCloud's LDAP service to see if it
> would be a good fit.
>
>
>   
> Joshua Nathan
> *IT Supervisor*
> Black Forest Academy
>
> p:+49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
> a:
> w:Hammersteiner Straße 50, 79400 Kandern
> bfacademy.de 
>
>   
>
>
>
> On Wed, Mar 21, 2018 at 4:36 PM, Nathan, Josh wrote:
>
> Hello,
>
> So, I'm having some trouble setting up an LDAP authentication
> source in PacketFence version 6.0.1.
>
> It tests successfully, and doing an ldapsearch test comes back
> without issue.  In fact, from the registration VLAN, through the
> PacketFence Captive Portal it works!
>
> However, with the username and password, it's not connecting to
> our 802.1X (WPA2-Enterprise) wireless network.  It comes back
> saying that the username/password is invalid.  We've been using a
> separate RADIUS database for user management, but actually using
> LDAP is of course a much better option.  I've tried looking at the
> logs, but I'm not readily finding anything.
>
> Why would it work in the captive portal, but not from an 802.1X
> handshake?
>
> I will note that I'm using SSL over port 636, and a self-signed
> certificate in these tests if that makes a difference.
>
> Thanks for helping point me in the right direction!
>
>   
> Joshua Nathan
> *IT Supervisor*
> Black Forest Academy
>
> p:+49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
> a:
> w:Hammersteiner Straße 50, 79400 Kandern
> bfacademy.de 
>
>   
>
>
>
>
>

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


Re: [PacketFence-users] Bind PacketFence to Active Directory

2018-04-18 Thread Fabrice Durand via PacketFence-users
Hello Xav,

When you say bind , you mean join PacketFence to the domain ?

Also what is your management interface and what is returned by : ip
route get 192.168.6.200

Regards

Fabrice



On 2018-04-18 at 03:39, Xav Tauran via PacketFence-users wrote:
> Hello, 
>
> I made a mock-up to set up Packet Fence for a company. Attached,
> you will find a drawing of my mock-up with the different subnets, and
> VLAN configured on Packet Fence. I use a Stormshield Firewall, and a
> Cisco Switch which runs on GNS3.
> My Active Directory Server is on the subnet 192.168.6.0/24
> and Packet Fence, installed on a virtual
> machine's Centos 7 (run under VMWARE), is on the subnet 192.168.2.0/24.
> Every device can be reached with a ping.
> My problem is when I want to bind Packet Fence to my Active Directory
> from the graphic interface. I have the same problem that this person,
> who has already posted a message on the support. (check
> on https://sourceforge.net/p/packetfence/mailman/message/36009451/) But
> the solution that the person give her, doesn't work for me... However
> I follow the instructions that this person gave him
>
> Can you help me please? :) I will give you all the information that
> you need !
>
> PS: Sorry for my English, I'm French
>
> Thank you.
>
> Kind regards,
>
> Xavier TAURAN 
>
>
>

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



Re: [PacketFence-users] Problem with Samba 4 authentication

2018-04-18 Thread Fabrice Durand via PacketFence-users
Hello Jeimerson,

can you run:

raddebug -f /usr/local/pf/var/run/radius.sock -t 3000

and paste the result when you try to connect.

Regards

Fabrice



On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
> Hello everyone, I'm having problem with authentication, using Samba server 4.
>
> CLI authentication works. But, using the Cisco 2950 802.1x, does not
> work according to the logs.
>
> 
>
> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
> --username=nacad...@samba.nac --password='Zaq!2wsx'
> NT_STATUS_OK: Success (0x0)
>
> #
> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
> User-Name = "nacadmin"
> MS-CHAP-Password = "Zaq!2wsx"
> NAS-IP-Address = 169.254.0.2
> NAS-Port = 0
> Message-Authenticator = 0x00
> Cleartext-Password = "Zaq!2wsx"
> MS-CHAP-Challenge = 0xf8d279644d3003f7
> MS-CHAP-Response =
> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
> User-Name = "nacadmin"
> MS-CHAP-Password = "Zaq!2wsx"
> NAS-IP-Address = 169.254.0.2
> NAS-Port = 0
> Message-Authenticator = 0x00
> Cleartext-Password = "Zaq!2wsx"
> MS-CHAP-Challenge = 0xf8d279644d3003f7
> MS-CHAP-Response =
> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
> User-Name = "nacadmin"
> MS-CHAP-Password = "Zaq!2wsx"
> NAS-IP-Address = 169.254.0.2
> NAS-Port = 0
> Message-Authenticator = 0x00
> Cleartext-Password = "Zaq!2wsx"
> MS-CHAP-Challenge = 0xf8d279644d3003f7
> MS-CHAP-Response =
> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
> (0) No reply from server for ID 149 socket 3
>
>
> What could it be?
>
> If you can help me.
>
> I created a testing environment with VMware ESXi 6.5.
>
> #
>
>
> MAC Address: 00:0c:29:75:9d:61
> Auth Status: Reject
> Auth Type: eap
> Auto Registration: no
> Calling Station ID: 00:0c:29:75:9d:61
> Computer name: N/A
> EAP Type: MSCHAPv2
> Event Type: Radius-Access-Request
> IP Address:
> Is a Phone: no
> Node status: N/A
> Domain: SAMBA
> Profile: N/A
> Realm: samba.nac
> Reason: chrooted_mschap: Program returned code (1) and output 'Logon
> failure (0xc06d)'
> Role: N/A
> Source: N/A
> Stripped User Name: nacadmin
> User name: nacad...@samba.nac
> Unique ID:
>
> Switch ID: N/A
> Switch MAC: N/A
> Switch IP Address: N/A
> Called Station ID: 00:16:47:53:3e:08
> Connection type: N/A
> IfIndex: N/A
> NAS identifier:
> NAS IP Address: 10.190.90.24
> NAS Port: 50008
> NAS Port ID:
> NAS Port Type: Ethernet
> RADIUS Source IP Address: 10.190.90.24
> Wi-Fi Network SSID:
>
>
> #
>
> request_time: 0
> RADIUS Request: NAS-Port-Type = Ethernet Service-Type = Framed-User
> Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id =
> "00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24
> FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type =
> MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id =
> "00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac"
> MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
> PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac"
> Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message =
> 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163
> MS-CHAP2-Response =
> 0x0761ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
> Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500
> Module-Failure-Message = "chrooted_mschap: Program returned code (1)
> and output 'Logon failure (0xc06d)'" Module-Failure-Message =
> "chrooted_mschap: External script says: Logon failure (0xc06d)"
> Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is
> incorrect" User-Password = "**" Module-Failure-Message = "Failed
> retrieving values required to evaluate condition" SQL-User-Name =
> "nacad...@samba.nac"
> RADIUS Reply: MS-CHAP-Error = "\007E=691 R=0
> C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
> EAP-Message = 0x04070004 Message-Authenticator =
> 0x
>
>
>
> Thank you.
>
> Best regards.
>
> Jeimerson Chaves
>

[PacketFence-users] Bind PacketFence to Active Directory

2018-04-18 Thread Xav Tauran via PacketFence-users
For more information, below is my domain.conf file :

[S2008]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
ntlm_cache=disabled
registration=1
ntlm_cache_expiry=3600
dns_name=DOMAIN.NET
dns_servers=192.168.6.200
ou=Computers
bind_pass=
ntlm_cache_on_connection=disabled
bind_dn=
workgroup=DOMAIN
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=*
ad_server=adserver.domain.net
ntlm_cache_batch=disabled
server_name=packetfence

And I get this error when I try to join PF to my Active Directory Server :

[2018/04/18 08:14:12.377192,  0]
../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version
number 2
[2018/04/18 08:14:12.382016,  0]
../source3/winbindd/winbindd_util.c:883(init_domain_list)
  Could not fetch our SID - did we join?
[2018/04/18 08:14:12.382153,  0]
../source3/winbindd/winbindd.c:1402(winbindd_register_handlers)
  unable to initialize domain list
[2018/04/18 08:14:12.504853,  0]
../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version
number 2
[2018/04/18 08:14:12.519144,  0]
../source3/winbindd/winbindd_util.c:883(init_domain_list)
  Could not fetch our SID - did we join?
[2018/04/18 08:14:12.519178,  0]
../source3/winbindd/winbindd.c:1402(winbindd_register_handlers)
  unable to initialize domain list
[2018/04/18 08:14:12.673206,  0]
../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version
number 2
[2018/04/18 08:14:12.677172,  0]
../source3/winbindd/winbindd_util.c:883(init_domain_list)
  Could not fetch our SID - did we join?
[2018/04/18 08:14:12.677200,  0]
../source3/winbindd/winbindd.c:1402(winbindd_register_handlers)
  unable to initialize domain list

And these errors when I write these commands :

[root@localhost pf]# chroot /chroots/S2008/ wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
[root@localhost pf]# chroot /chroots/S2008/ wbinfo -g
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
Error looking up domain groups
[root@localhost pf]# chroot /chroots/S2008/ wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
[root@localhost pf]# chroot /chroots/S2008/ wbinfo -p
Ping to winbindd failed
could not ping winbindd!
[root@localhost pf]#

see below my ip route & ip get's commands :

[root@localhost pf]# ip route
default via 192.168.2.254 dev ens33
169.254.0.0/30 dev S2008-b proto kernel scope link src 169.254.0.2
169.254.0.0/16 dev ens33 scope link metric 1002
169.254.0.0/16 dev ens33.20 scope link metric 1003
169.254.0.0/16 dev ens33.30 scope link metric 1004
169.254.0.0/16 dev ens33.40 scope link metric 1005
169.254.0.0/16 dev ens33.50 scope link metric 1006
169.254.0.0/16 dev ens33.60 scope link metric 1007
192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.200
192.168.20.0/24 dev ens33.20 proto kernel scope link src 192.168.20.200
192.168.30.0/24 dev ens33.30 proto kernel scope link src 192.168.30.200
192.168.40.0/24 dev ens33.40 proto kernel scope link src 192.168.40.200
192.168.50.0/24 dev ens33.50 proto kernel scope link src 192.168.50.200
192.168.60.0/24 dev ens33.60 proto kernel scope link src 192.168.60.200
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@localhost pf]# ip route get 192.168.6.200
192.168.6.200 via 192.168.2.254 dev ens33 src 192.168.2.200
cache

And in attached you will find my file /var/conf/iptables.conf.

Thank you for your answer! And I hope to find a solution to my problem,
it's very important ! :)

Kind regards,

Xavier TAURAN
Network Engineer




[PacketFence-users] NO INTERNET Connection

2018-04-18 Thread nilofer fatma via PacketFence-users
Hello all,

I have set-up packetfence 6.5.1 inline, with two interface management and 
inline interface.

After successful registration via captive portal. Packetfence is displaying 
message “Unable to detect network connectivity.Try restarting your web browser 
or opening a new tab to see if your access has been successfully enables”.

I can see my device as registered on the GUI -> registered. But I am not able 
to connect to internet. I have also enabled ipv4.ip_forward=1

[root@... ~]# more /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
I can also see my device under ipset -L.
Anybody has any idea where I am wrong? Please help.
Regards,
Nilofer Fatma



