Re: [PacketFence-users] PF 8 Device in Nodes not ON

2018-05-03 Thread Truax, Peter via PacketFence-users
Jeimerson,

Try these commands on the 2960.

aaa accounting network default start-stop group packetfence
aaa accounting identity default start-stop group packetfence
aaa accounting dot1x default start-stop group packetfence

It worked for me.

Regards,

Peter

-Original Message-
From: Jeimerson C. Chaves via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, May 3, 2018 8:43 AM
To: packetfence-users@lists.sourceforge.net
Cc: Jeimerson C. Chaves 
Subject: [PacketFence-users] PF 8 Device in Nodes not ON

Hi there,

When we connect a device to a 2950 Cisco Switch, it gets to authenticate and is 
authorized in the network. In the NODES section it appears as ON (as it should 
be), but when we move it to a 2960 Cisco Switch, it still authenticates and can 
connect to the network but it's appearing as OFF.


With best regards.

Jeimerson Chaves

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


[PacketFence-users] PF 8 Device in Nodes not ON

2018-05-03 Thread Jeimerson C. Chaves via PacketFence-users
Hi there,

When we connect a device to a 2950 Cisco Switch, it gets to
authenticate and is authorized in the network. In the NODES section it
appears as ON (as it should be), but when we move it to a 2960 Cisco
Switch, it still authenticates and can connect to the network but
it's appearing as OFF.


With best regards.

Jeimerson Chaves



Re: [PacketFence-users] Problem with Fingerbank Gui

2018-05-03 Thread Meiser Tobias via PacketFence-users
Hello Fabrice,

this is indeed a proxy related issue. I've disabled proxy in fingerbank.conf 
and the gui is working again with its corresponding warnings.
"Impossible to fetch Fingerbank account information: Can't connect to 
api.fingerbank.org:443 Name or service not known at 
/usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 41."

However, proxying has never worked in any of the past few versions in our 
environment. Maybe it's, like Jeimerson wrote, a DNS problem.

Best Regards

Tobias

From: Meiser Tobias via PacketFence-users
Sent: Thursday, May 3, 2018 14:58
To: 'packetfence-users@lists.sourceforge.net'
Cc: Meiser Tobias
Subject: Re: [PacketFence-users] Problem with Fingerbank Gui

Hello Fabrice,

thanks for your answer. I have reinstalled fingerbank and rebooted pf server. 
After that the messages in packetfence.log are gone.
But I'm still not able to access fingerbank settings via gui.

There are just some proxy related errors in fingerbank.log like:

May  3 14:43:49 PacketFence-ZEN 
/usr/local/fingerbank/collector/fingerbank-collector[1746]: 
t=2018-05-03T14:43:49+0200 lvl=eror msg="ERROR: Wasn't able to fetch the 
destination hosts from the Fingerbank API: Get 
https://api-ss.fingerbank.org:443/api/v2/download/destination-hosts?key=XXX

http requests work:
May  3 14:51:17 PacketFence-ZEN fingerbank: pfqueue(3413) INFO: [mac:unknown] 
Successfully fetched 'http://api.fingerbank.org:443/api/v2/download/db' from 
Fingerbank project (fingerbank::Util::fetch_file)
May  3 14:51:17 PacketFence-ZEN fingerbank: pfqueue(3413) INFO: [mac:unknown] 
Successfully updated file '/usr/local/fingerbank/db/fingerbank_Upstream.db' 
(fingerbank::Util::update_fi

Do you have any further ideas how to access the gui again?

Best Regards

Tobias

From: Fabrice Durand via PacketFence-users
Sent: Thursday, May 3, 2018 14:12
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Problem with Fingerbank Gui


Hello Tobias,

it looks like your fingerbank db is corrupted, try to reinstall fingerbank:

yum reinstall fingerbank --enablerepo=packetfence



Regards

Fabrice

On 2018-05-03 at 02:26, Meiser Tobias via PacketFence-users wrote:
Hello,

we have updated our ZEN to PF 8.0 last week. Since then we are not able to 
access Configuration ->Compliance-> Fingerbank Profiling General Settings. The 
Gui keeps saying "Error! An error occured while contacting the server. Please 
try again later".

I don't know if there is a relation to messages in Packetfence.log

May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189) ERROR: 
[mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device information for 
8c:dc:d4:51:df:93. Device profiling rules relying on it will not work. 
(DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db 
prepare_cached failed: file is encrypted or is not a database [for Statement 
"SELECT COUNT( * ) FROM device me WHERE ( name = ? )"] at 
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433) (pf::node::fingerbank_info)

And

May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac: 
xx:xx:xx:xx:xx:xx] Error handling fingerbank_process : 
DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db 
prepare_cached failed: file is encrypted or is not a database [for Statement 
"SELECT COUNT( * ) FROM dhcp_fingerprint me WHERE ( value = ? )"] at 
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433 (pf::api::can_fork::notify)


Fingerbank.conf:

[upstream]
api_key=xx
use_https=disabled

[proxy]
use_proxy=enabled
host=http://XX.XXX.XXX.XXX
port=8080
verify_ssl=disabled


Any Ideas ?


Best Regards

Tobias Meiser





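The SQLite error quoted in this thread ("file is encrypted or is not a database") is what the library reports when the file it opens is not a readable SQLite database. The following is an added example, not PacketFence or Fingerbank code: it checks a file such as the fingerbank_Upstream.db mentioned above for the SQLite header and then runs SQLite's own integrity check; the two files it builds are constructed samples.

```python
import os
import sqlite3
import tempfile
from urllib.parse import quote

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def check_sqlite_file(path):
    """Return (ok, detail) for a file that is supposed to be a SQLite database."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError as exc:
        return False, f"cannot read file: {exc}"

    if not head:
        return False, "empty file"
    if not head.startswith(SQLITE_MAGIC):
        # Typical non-database content: an HTML or JSON error body that was
        # saved under the database's file name.
        looks_textual = head.lstrip()[:1] in (b"<", b"{")
        kind = "text/HTML-like content" if looks_textual else "unknown content"
        return False, f"bad header, {kind}: {head[:20]!r}"

    # Header is fine; let SQLite walk the pages. The file is opened read-only
    # so the check never modifies what it inspects.
    try:
        con = sqlite3.connect(f"file:{quote(path)}?mode=ro", uri=True)
        try:
            verdict = con.execute("PRAGMA integrity_check").fetchone()[0]
        finally:
            con.close()
    except sqlite3.DatabaseError as exc:
        return False, f"sqlite error: {exc}"
    return verdict == "ok", verdict


def demo():
    """Build one valid and one invalid file (both constructed) and check them."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.db")
        con = sqlite3.connect(good)
        con.execute("CREATE TABLE device (id INTEGER PRIMARY KEY, name TEXT)")
        con.execute("INSERT INTO device (name) VALUES ('constructed sample row')")
        con.commit()
        con.close()

        # Constructed stand-in for any non-database content stored as a .db file.
        bad = os.path.join(tmp, "bad.db")
        with open(bad, "wb") as fh:
            fh.write(b"<html><body>502 Bad Gateway</body></html>\n")

        return check_sqlite_file(good), check_sqlite_file(bad)


if __name__ == "__main__":
    for ok, detail in demo():
        print("OK " if ok else "BAD", detail)
```

Running the check right after a database download and before restarting services catches a bad file before the lookups start failing.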

Re: [PacketFence-users] Portal fqdn resolution from isolation and registration vlan

2018-05-03 Thread Cristian Mammoli via PacketFence-users
It seems that trying to resolve a domain returns the registration vlan 
IP (192.168.112.254) while trying to resolve the portal FQDN returns the 
portal interface IP (*192.168.114.254*)

Probably the 2nd query is forwarded upstream for some reason

C:\Windows\system32>nslookup www.pippo.com
Server: 254.112.168.192.in-addr.arpa
Address: 192.168.112.254

Nome: www.pippo.com
Addresses: 192.168.112.254
192.168.112.254


C:\Windows\system32>nslookup nac.apra.it
Server: 254.112.168.192.in-addr.arpa
Address: 192.168.112.254

Nome: nac.apra.it
Address: 192.168.114.254


C:\Windows\system32>


May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:29 +0200] "A IN 
www.pippo.com.vlan-registration.apra.it. udp 57 false 512" NXDOMAIN 
qr,aa,rd,ra 115 4.506862ms
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:29 +0200] " IN 
www.pippo.com.vlan-registration.apra.it. udp 57 false 512" NXDOMAIN 
qr,aa,rd,ra 115 5.510869ms
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:29 +0200] "A IN www.pippo.com.apra.it. udp 39 false 
512" NXDOMAIN qr,aa,rd,ra 97 4.253698ms
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:29 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:29 +0200] " IN www.pippo.com.apra.it. udp 39 
false 512" NXDOMAIN qr,aa,rd,ra 97 4.34452ms
May 03 15:17:30 srvpf.apra.it pfdns[2301]: Returned portal for MAC 
20:cf:30:36:88:15 with IP 192.168.112.33
May 03 15:17:30 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:30 +0200] "A IN www.pippo.com. udp 31 false 512" 
NOERROR qr,aa,rd 47 4.200221ms
May 03 15:17:30 srvpf.apra.it pfdns[2301]: Returned portal for MAC 
20:cf:30:36:88:15 with IP 192.168.112.33
May 03 15:17:30 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:30 +0200] " IN www.pippo.com. udp 31 false 512" 
NOERROR qr,aa,rd 47 5.50361ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: Returned portal for MAC 
20:cf:30:36:88:15 with IP 192.168.112.33
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] "PTR IN 254.112.168.192.in-addr.arpa. udp 
46 false 512" NOERROR qr,aa,rd 62 3.463945ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] "A IN 
nac.apra.it.vlan-registration.apra.it. udp 55 false 512" NXDOMAIN 
qr,aa,rd,ra 113 3.784624ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] " IN 
nac.apra.it.vlan-registration.apra.it. udp 55 false 512" NXDOMAIN 
qr,aa,rd,ra 113 4.101483ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] "A IN nac.apra.it.apra.it. udp 37 false 
512" NXDOMAIN qr,aa,rd,ra 95 3.522312ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] " IN nac.apra.it.apra.it. udp 37 false 
512" NXDOMAIN qr,aa,rd,ra 95 4.039791ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] "A IN nac.apra.it. udp 29 false 512" 
NOERROR qr,aa,rd,ra 45 20.000424ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 : 
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 - 
[03/May/2018:15:17:33 +0200] " IN nac.apra.it. udp 29 false 512" 
NOERROR qr,aa,rd,ra 87 3.211035ms


On 03/05/2018 14:34, Fabrice Durand via PacketFence-users wrote:


Weird, it's supposed to return the portal ip.

Can you do this on a laptop:

nslookup nac.apra.it

and at the same time on the packetfence server : journalctl -f | grep dns

And give me the result.

Regards

Fabrice



On 2018-05-03 at 03:44, Cristian Mammoli via PacketFence-users wrote:

Indeed it was this way on 7.4 :( But it stopped working on 8.0 :(

[root@srvpf conf]# cat pf.conf
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=apra.it
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the 
domain in Apache rewriting rules and therefore must be resolvable by 
clients.

hostname=nac
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to 
allow DHCP transactions from 

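One way to read the journal output in the message above, as an added example that is not part of the original post and is not PacketFence code: it undoes the mail client's line wrapping, pairs each pfdns decision line ("passthrough" or "Returned portal") with the query line that follows for the same client, and lists the names that were answered through passthrough. The pairing rule is an assumption drawn from the ordering seen in that log; the sample is an excerpt of it.

```python
import re

# Excerpt of the journal lines from the post, still wrapped as the mail
# client left them.
SAMPLE_LOG = """\
May 03 15:17:30 srvpf.apra.it pfdns[2301]: Returned portal for MAC
20:cf:30:36:88:15 with IP 192.168.112.33
May 03 15:17:30 srvpf.apra.it pfdns[2301]: 192.168.112.33 -
[03/May/2018:15:17:30 +0200] "A IN www.pippo.com. udp 31 false 512"
NOERROR qr,aa,rd 47 4.200221ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 :
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 -
[03/May/2018:15:17:33 +0200] "A IN nac.apra.it.apra.it. udp 37 false
512" NXDOMAIN qr,aa,rd,ra 95 3.522312ms
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 :
20:cf:30:36:88:15 passthrough
May 03 15:17:33 srvpf.apra.it pfdns[2301]: 192.168.112.33 -
[03/May/2018:15:17:33 +0200] "A IN nac.apra.it. udp 29 false 512"
NOERROR qr,aa,rd,ra 45 20.000424ms
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
MAC = r"[0-9A-Fa-f:]{17}"
PASSTHROUGH = re.compile(
    r"pfdns\[\d+\]: (?P<ip>[\d.]+) : (?P<mac>" + MAC + r") passthrough$")
PORTAL = re.compile(
    r"pfdns\[\d+\]: Returned portal for MAC (?P<mac>" + MAC
    + r") with IP (?P<ip>[\d.]+)$")
QUERY = re.compile(
    r'pfdns\[\d+\]: (?P<ip>[\d.]+) - \[[^\]]+\] '
    r'"(?P<qtype>\S*) ?IN (?P<name>\S+) \S+ \d+ \S+ \d+" '
    r'(?P<rcode>[A-Z]+) (?P<flags>\S+) \d+ \S+$')


def unwrap(text):
    """Join continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def classify(text):
    """Return one dict per DNS query with the decision pfdns logged before it."""
    pending = {}  # client IP -> decision from the most recent decision line
    results = []
    for record in unwrap(text):
        m = PASSTHROUGH.search(record)
        if m:
            pending[m["ip"]] = "passthrough"
            continue
        m = PORTAL.search(record)
        if m:
            pending[m["ip"]] = "portal"
            continue
        m = QUERY.search(record)
        if m:
            results.append({
                "client": m["ip"],
                "qtype": m["qtype"] or "(missing)",  # type is blank on some lines
                "name": m["name"],
                "rcode": m["rcode"],
                # 'ra' appears only on the passthrough answers in the post
                "recursion_available": "ra" in m["flags"].split(","),
                "decision": pending.pop(m["ip"], "unknown"),
            })
    return results


def forwarded_answers(results):
    """Names that got a real answer via passthrough instead of the portal IP."""
    return sorted({r["name"] for r in results
                   if r["decision"] == "passthrough" and r["rcode"] == "NOERROR"})


if __name__ == "__main__":
    parsed = classify(SAMPLE_LOG)
    for r in parsed:
        print(f'{r["decision"]:<12}{r["rcode"]:<9}{r["qtype"]:<10}{r["name"]}')
    print("answered via passthrough:", forwarded_answers(parsed))
```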
Re: [PacketFence-users] Problem with Fingerbank Gui

2018-05-03 Thread Meiser Tobias via PacketFence-users
Hi Jeimerson,

I've checked our resolv.conf. There are our internal nameservers configured. 
They can just resolve internal names. That's why we are using a proxy for web 
requests.

Thanks for trying to help me.

Best Regards
Tobias


Hi,

I was having the same problem, it was missing the DNS record in resolve.conf
With best regards.

Jeimerson Chaves





2018-05-03 7:26 GMT+01:00 Meiser Tobias via PacketFence-users
:
> Hello,
>
> we have updated our ZEN to PF 8.0 last week. Since then we are not 
> able to access Configuration ->Compliance-> Fingerbank Profiling General 
> Settings.
> The Gui keeps saying „Error! An error occured while contacting the server.
> Please try again later“.
>
> I don’t know if there is a relation to messages in Packetfence.log
>
> May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189)
> ERROR: [mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device 
> information for 8c:dc:d4:51:df:93. Device profiling rules relying on 
> it will not work. (DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception:
> DBD::SQLite::db prepare_cached failed: file is encrypted or is not a 
> database [for Statement "SELECT COUNT( * ) FROM device me WHERE ( name = ?
> )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433)
> (pf::node::fingerbank_info)
>
> And
>
> May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac:
> xx:xx:xx:xx:xx:xx] Error handling fingerbank_process :
> DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: 
> DBD::SQLite::db prepare_cached failed: file is encrypted or is not a 
> database [for Statement "SELECT COUNT( * ) FROM dhcp_fingerprint me 
> WHERE ( value = ? )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm 
> line 433
> (pf::api::can_fork::notify)
>
>
> Fingerbank.conf:
>
> [upstream]
> api_key=xx
> use_https=disabled
>
> [proxy]
> use_proxy=enabled
> host=http://XX.XXX.XXX.XXX
> port=8080
> verify_ssl=disabled
>
>
> Any Ideas ?
>
>
> Best Regards
>
> Tobias Meiser
>
>


Re: [PacketFence-users] Problem with Fingerbank Gui

2018-05-03 Thread Meiser Tobias via PacketFence-users
Hello Fabrice,

thanks for your answer. I have reinstalled fingerbank and rebooted pf server. 
After that the messages in packetfence.log are gone.
But I'm still not able to access fingerbank settings via gui.

There are just some proxy related errors in fingerbank.log like:

May  3 14:43:49 PacketFence-ZEN 
/usr/local/fingerbank/collector/fingerbank-collector[1746]: 
t=2018-05-03T14:43:49+0200 lvl=eror msg="ERROR: Wasn't able to fetch the 
destination hosts from the Fingerbank API: Get 
https://api-ss.fingerbank.org:443/api/v2/download/destination-hosts?key=XXX

http requests work:
May  3 14:51:17 PacketFence-ZEN fingerbank: pfqueue(3413) INFO: [mac:unknown] 
Successfully fetched 'http://api.fingerbank.org:443/api/v2/download/db' from 
Fingerbank project (fingerbank::Util::fetch_file)
May  3 14:51:17 PacketFence-ZEN fingerbank: pfqueue(3413) INFO: [mac:unknown] 
Successfully updated file '/usr/local/fingerbank/db/fingerbank_Upstream.db' 
(fingerbank::Util::update_fi

Do you have any further ideas how to access the gui again?

Best Regards

Tobias


From: Fabrice Durand via PacketFence-users
Sent: Thursday, May 3, 2018 14:12
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Problem with Fingerbank Gui


Hello Tobias,

it looks like your fingerbank db is corrupted, try to reinstall fingerbank:

yum reinstall fingerbank --enablerepo=packetfence



Regards

Fabrice

On 2018-05-03 at 02:26, Meiser Tobias via PacketFence-users wrote:
Hello,

we have updated our ZEN to PF 8.0 last week. Since then we are not able to 
access Configuration ->Compliance-> Fingerbank Profiling General Settings. The 
Gui keeps saying "Error! An error occured while contacting the server. Please 
try again later".

I don't know if there is a relation to messages in Packetfence.log

May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189) ERROR: 
[mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device information for 
8c:dc:d4:51:df:93. Device profiling rules relying on it will not work. 
(DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db 
prepare_cached failed: file is encrypted or is not a database [for Statement 
"SELECT COUNT( * ) FROM device me WHERE ( name = ? )"] at 
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433) (pf::node::fingerbank_info)

And

May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac: 
xx:xx:xx:xx:xx:xx] Error handling fingerbank_process : 
DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db 
prepare_cached failed: file is encrypted or is not a database [for Statement 
"SELECT COUNT( * ) FROM dhcp_fingerprint me WHERE ( value = ? )"] at 
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433 (pf::api::can_fork::notify)


Fingerbank.conf:

[upstream]
api_key=xx
use_https=disabled

[proxy]
use_proxy=enabled
host=http://XX.XXX.XXX.XXX
port=8080
verify_ssl=disabled


Any Ideas ?


Best Regards

Tobias Meiser







Re: [PacketFence-users] Bug PacketFence 8

2018-05-03 Thread Jeimerson C. Chaves via PacketFence-users
Hello Fabrice,

thank you so much.
Why with version 7.4, did the same setup work?

Even so, thank you.


May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] handling radius autz request: from
switch_ip => (10.190.90.24), connection_type =>
Ethernet-EAP,switch_mac => (00:16:47:53:3e:09), mac =>
[00:0c:29:39:76:21], port => 09, username => "nacad...@samba.nac"
(pf::radius::authorize)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
WARN: [mac:00:0c:29:39:76:21] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC,
returning actions. (pf::Authentication::Source::match_rule)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC,
returning actions. (pf::Authentication::Source::match)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  3 12:37:56 PacketFence-ZEN pfqueue: pfqueue(8540) INFO:
[mac:unknown] Already did a person lookup for nacad...@samba.nac
(pf::lookup::person::lookup_person)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC,
returning actions. (pf::Authentication::Source::match_rule)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC,
returning actions. (pf::Authentication::Source::match)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Username was defined
"nacad...@samba.nac" - returning role 'Normal'
(pf::role::getRegisteredRole)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] PID: "nacad...@samba.nac", Status: reg
Returned VLAN: (undefined), Role: Normal (pf::role::fetchRoleForNode)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Switch doesn't support Dynamic VLAN
assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 09 to 20
(pf::radius::authorize)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] (10.190.90.24) Added VLAN 20 to the
returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] violation 133 force-closed for
00:0c:29:39:76:21 (pf::violation::violation_force_close)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)




May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] handling radius autz request: from
switch_ip => (10.190.90.24), connection_type =>
Ethernet-EAP,switch_mac => (00:16:47:53:3e:09), mac =>
[00:0c:29:39:76:21], port => 09, username => "nacad...@samba.nac"
(pf::radius::authorize)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
WARN: [mac:00:0c:29:39:76:21] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source 

Re: [PacketFence-users] Problem with Fingerbank Gui

2018-05-03 Thread Jeimerson C. Chaves via PacketFence-users
Hi,

I was having the same problem, it was missing the DNS record in resolve.conf
With best regards.

Jeimerson Chaves





2018-05-03 7:26 GMT+01:00 Meiser Tobias via PacketFence-users
:
> Hello,
>
> we have updated our ZEN to PF 8.0 last week. Since then we are not able to
> access Configuration ->Compliance-> Fingerbank Profiling General Settings.
> The Gui keeps saying „Error! An error occured while contacting the server.
> Please try again later“.
>
> I don’t know if there is a relation to messages in Packetfence.log
>
> May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189)
> ERROR: [mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device
> information for 8c:dc:d4:51:df:93. Device profiling rules relying on it will
> not work. (DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception:
> DBD::SQLite::db prepare_cached failed: file is encrypted or is not a
> database [for Statement "SELECT COUNT( * ) FROM device me WHERE ( name = ?
> )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433)
> (pf::node::fingerbank_info)
>
> And
>
> May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac:
> xx:xx:xx:xx:xx:xx] Error handling fingerbank_process :
> DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db
> prepare_cached failed: file is encrypted or is not a database [for Statement
> "SELECT COUNT( * ) FROM dhcp_fingerprint me WHERE ( value = ? )"] at
> /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433
> (pf::api::can_fork::notify)
>
>
> Fingerbank.conf:
>
> [upstream]
> api_key=xx
> use_https=disabled
>
> [proxy]
> use_proxy=enabled
> host=http://XX.XXX.XXX.XXX
> port=8080
> verify_ssl=disabled
>
>
> Any Ideas ?
>
>
> Best Regards
>
> Tobias Meiser
>
>


Re: [PacketFence-users] New go binaries and pf-maint

2018-05-03 Thread Fabrice Durand via PacketFence-users

Hello Cristian,

we are on the way to change the pf-maint.pl script to add the way to 
patch the go binary.


Regards
Fabrice

On 2018-05-03 at 05:39, Cristian Mammoli via PacketFence-users wrote:
Before 8.0 I simply run addons/pf-maint.pl, applied the patches and 
restarted the services


How do I do now that there are go binaries involved? I see pf-maint.pl 
patches the sources in go/ and there is a addons/packages/build-go.sh


Do I have to run that?

Ty



Re: [PacketFence-users] Bug PacketFence 8

2018-05-03 Thread Fabrice Durand via PacketFence-users

Hello Jeimerson,

can you try that:

[SAMBA.NAC]
cache_match=0
read_timeout=10
realms=
password=Zaq!2wsx
scope=sub
binddn=nacad...@samba.nac
port=389
description=Teste de Autenticacao
write_timeout=5
type=AD
basedn=DC=SAMBA,DC=NAC
monitor=1
set_access_level_action=
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
encryption=none
host=10.161.16.23

Regards
Fabrice

On 2018-05-03 at 04:32, Jeimerson C. Chaves via PacketFence-users wrote:

Hi,


authentication.conf

[SAMBA.NAC]
cache_match=0
read_timeout=10
realms=
password=Zaq!2wsx
scope=base
binddn=nacad...@samba.nac
port=389
description=Teste de Autenticacao
write_timeout=5
type=AD
basedn=DC=SAMBA,DC=NAC
monitor=1
set_access_level_action=
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
encryption=none
host=10.161.16.23

[SAMBA.NAC rule Test]
action0=set_role=Normal
match=all
class=authentication
action1=set_access_duration=12h
description=Teste

[SAMBA.NAC rule VoIP]
action0=set_role=voice
match=all
class=authentication
action1=set_access_duration=5D
description=VoIP

##

switches.conf

[10.190.90.24]
description=Cisco 2950
group=Cisco_2950
VoIPEnabled=N

[10.190.90.25]
description=Cisco 2960
group=Cisco_2960

[group Cisco_2950]
deauthMethod=SNMP
description=Switches Cisco 2950
type=Cisco::Catalyst_2950
VoIPEnabled=Y
NormalVlan=20
SNMPPrivPasswordTrap=zaq12wsx
SNMPVersionTrap=2c
macDetectionVlan=80
isolationVlan=60
radiusSecret=zaq12wsx
SNMPVersion=2c
SNMPPrivPasswordRead=zaq12wsx
SNMPPrivPasswordWrite=zaq12wsx
SNMPAuthPasswordWrite=zaq12wsx
SNMPAuthPasswordRead=zaq12wsx
registrationVlan=70
voiceVlan=100
SNMPAuthPasswordTrap=zaq12wsx

[group Cisco_2960]
NormalVlan=20
SNMPPrivPasswordTrap=zaq12wsx
deauthMethod=SNMP
description=Switches Cisco 2956
SNMPVersionTrap=2c
type=Cisco::Catalyst_2960
macDetectionVlan=80
VoIPEnabled=Y
isolationVlan=60
radiusSecret=zaq12wsx
SNMPVersion=2c
SNMPPrivPasswordRead=zaq12wsx
SNMPPrivPasswordWrite=zaq12wsx
SNMPAuthPasswordWrite=zaq12wsx
SNMPAuthPasswordRead=zaq12wsx
registrationVlan=70
voiceVlan=100
SNMPAuthPasswordTrap=zaq12wsx

##


Best regards.

Jeimerson Chaves


2018-05-02 17:58 GMT+01:00 Fabrice Durand via PacketFence-users:

Can you share authentication.conf (remove sensitive information)?


On 2018-05-02 at 12:52, Jeimerson C. Chaves via PacketFence-users wrote:

Hello,

I installed PacketFence 8 on my lab, and I cannot access the VLANs.
The logs and prints follow.

Thank you.

May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.24), connection_type =>
Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac =>
[00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac"
(pf::radius::authorize)
May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
  (pf::role::_check_bypass)
May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 16:40:43 PacketFence-ZEN 
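
The request earlier in this thread to remove sensitive information before sharing authentication.conf can be done mechanically. The following is an added example, not part of the original thread or of PacketFence: it blanks secret values and replaces IP addresses with stable placeholders so sections can still be correlated. The key-name pattern and the `<ip-N>` placeholder scheme are assumptions of this example, and the sample config is constructed.

```python
import re

# Key names treated as secrets: an assumption of this example, chosen to
# cover the key names that appear in the configs posted in this thread.
SECRET_KEY = re.compile(r"password|secret|api_key|^pass$", re.IGNORECASE)
KEY_VALUE = re.compile(r"^(\s*)([^#;\[\s=][^=]*?)(\s*=\s*)(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample config; none of these values come from the thread.
SAMPLE = """\
[general]
dhcpservers=127.0.0.1,10.0.0.5

[EXAMPLE.LAB]
password=constructed-bind-pw
host=10.0.0.5
encryption=none

[10.0.0.24]
description=Cisco 2950
radiusSecret=constructed-radius
SNMPPrivPasswordRead=constructed-snmp

[database]
# database.pass
pass=constructed-db-pw

[fencing]
passthroughs=update.example.lab
"""


def redact_config(text):
    """Return (redacted_text, ip_map) for an INI-style config."""
    ip_map = {}

    def pseudonym(match):
        ip = match.group(0)
        if ip.startswith("127."):
            return ip  # loopback identifies nothing
        # Same address -> same placeholder, so sections stay correlatable.
        return ip_map.setdefault(ip, "<ip-%d>" % (len(ip_map) + 1))

    out = []
    for line in text.splitlines():
        m = KEY_VALUE.match(line)
        if m and SECRET_KEY.search(m.group(2)):
            indent, key, sep, value = m.groups()
            out.append(indent + key + sep + ("<redacted>" if value else ""))
        else:
            # Comments, section headers and non-secret values: mask IPs only.
            out.append(IPV4.sub(pseudonym, line))
    return "\n".join(out), ip_map


if __name__ == "__main__":
    print(redact_config(SAMPLE)[0])
```

Keep the returned `ip_map` private; it is what lets you translate a reply that mentions `<ip-2>` back to the real switch.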

Re: [PacketFence-users] Portal fqdn resolution from isolation and registration vlan

2018-05-03 Thread Fabrice Durand via PacketFence-users

Weird, it's supposed to return the portal IP.

Can you do this on a laptop:

nslookup nac.apra.it

and at the same time on the PacketFence server: journalctl -f | grep dns

And give me the result.

Regards

Fabrice



On 2018-05-03 at 03:44, Cristian Mammoli via PacketFence-users wrote:

Indeed it was this way on 7.4 :( But it stopped working on 8.0 :(

[root@srvpf conf]# cat pf.conf
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=apra.it
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
hostname=nac
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,192.168.0.7,192.168.0.76,192.168.15.9
#
# general.timezone
#
#System's timezone in string format. List generated from Perl library DataTime::TimeZone
timezone=Europe/Rome

[network]
#
# network.dhcpoption82logger
#
# If enabled PacketFence will monitor DHCP option82 location-based information.
# This feature is only available if the dhcpdetector is activated.
dhcpoption82logger=enabled

[fencing]
#
# fencing.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=srvdc01.apra.it,srvdc02.apra.it,srvdc-dr.apra.it,apra.it,srvupdate.apra.it,srvupdate.apra.it:8530,srvupdate.apra.it:8531,*.windowsupdate.microsoft.com,*.update.microsoft.com,*.windowsupdate.com,test.stats.update.microsoft.com,ntservicepack.microsoft.com,*.download.windowsupdate.com,officecdn.microsoft.com,srvsophos.apra.it:tcp:445,*.ggpht.com,*.googleusercontent.com,android.clients.google.com,*.googleapis.com,*.android.clients.google.com,*.gvt1.com,*.l.google.com,play.google.com,*.gstatic.com
#
# fencing.isolation_passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
# to trapped devices. Don´t forget to enable ip_forward on your server.
isolation_passthrough=enabled
#
# fencing.isolation_passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
isolation_passthroughs=srvupdate.apra.it,srvupdate.apra.it:8530,srvupdate.apra.it:8531,*.windowsupdate.microsoft.com,*.update.microsoft.com,*.windowsupdate.com,test.stats.update.microsoft.com,ntservicepack.microsoft.com,*.download.windowsupdate.com,officecdn.microsoft.com,srvsophos.apra.it:tcp:445

[guests_admin_registration]
#
# guests_admin_registration.access_duration_choices
#
# These are all the choices offered in the guest management interface as
# possible access duration values for a given registration.
access_duration_choices=1h,3h,12h,1D,2D,3D,5D,6D,7D
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
default_access_duration=1D

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=nac-al...@apra.it
#
# alerting.fromaddr
#
# Source email address for email notifications. Empty means root@.
fromaddr=n...@apra.it
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr. The default is localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=mail.apra.it

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration.
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration.
pass=xxx

[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=212.77.73.7
#
# captive_portal.image_path
#
# This is the path where the gif is on the webserver to detect if the network access
# has been enabled.
image_path=/icons/poweredby.png
#
# captive_portal.request_timeout
#
# The amount of seconds before a request times out in the captive portal
request_timeout=60
#
# captive_portal.rate_limiting_threshold
#
# Amount of requests on invalid URLs after which the rate limiting will kick in for this device


Re: [PacketFence-users] Problem with Fingerbank Gui

2018-05-03 Thread Fabrice Durand via PacketFence-users

Hello Tobias,

It looks like your fingerbank db is corrupted; try to reinstall fingerbank:

yum reinstall fingerbank --enablerepo=packetfence


Regards

Fabrice


On 2018-05-03 at 02:26, Meiser Tobias via PacketFence-users wrote:

Hello,
we have updated our ZEN to PF 8.0 last week. Since then we are not 
able to access Configuration ->Compliance-> Fingerbank Profiling 
General Settings. The Gui keeps saying „Error! An error occured while 
contacting the server. Please try again later“.

I don’t know if there is a relation to messages in Packetfence.log
May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189) 
ERROR: [mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device 
information for 8c:dc:d4:51:df:93. Device profiling rules relying on 
it will not work. (DBIx::Class::Storage::DBI::_prepare_sth(): DBI 
Exception: DBD::SQLite::db prepare_cached failed: file is encrypted or 
is not a database [for Statement "SELECT COUNT( * ) FROM device me 
WHERE ( name = ? )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 
433) (pf::node::fingerbank_info)

And
May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac: 
xx:xx:xx:xx:xx:xx] Error handling fingerbank_process : 
DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: 
DBD::SQLite::db prepare_cached failed: file is encrypted or is not a 
database [for Statement "SELECT COUNT( * ) FROM dhcp_fingerprint me 
WHERE ( value = ? )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm 
line 433 (pf::api::can_fork::notify)

Fingerbank.conf:
[upstream]
api_key=xx
use_https=disabled
[proxy]
use_proxy=enabled
host=http://XX.XXX.XXX.XXX
port=8080
verify_ssl=disabled
Any Ideas ?
Best Regards

Tobias Meiser




Re: [PacketFence-users] Bug PacketFence 8

2018-05-03 Thread Jeimerson C. Chaves via PacketFence-users
With version 7.4 is Okay.


pf/Switch.pm line 771.
 (pf::Switch::getVlanByName)
May  3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.24
(pf::Switch::getVlanByName)
May  3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN
assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 0
(pf::radius::authorize)
May  3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  3 08:26:33 PacketFence-ZEN pfqueue: pfqueue(8689) ERROR:
[mac:unknown] Couldn't update Upstream database, code : 500, msg : An
error occured while updating file
'/usr/local/fingerbank/db/fingerbank_Upstream.db'
(pf::fingerbank::_update_fingerbank_component)
May  3 08:26:52 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] CLI Access is not permit on this switch
10.190.90.25 (pf::radius::switch_access)
May  3 08:27:04 PacketFence-ZEN pfipset[2121]:
t=2018-05-03T08:27:04+ lvl=info msg="Reloading ipsets" pid=2121
May  3 08:29:45 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] CLI Access is not permit on this switch
10.190.90.25 (pf::radius::switch_access)
May  3 08:31:59 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.24), connection_type =>
Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac =>
[00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac"
(pf::radius::authorize)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
 (pf::role::_check_bypass)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
 (pf::role::getRegisteredRole)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
match a role - returning node based role ''
(pf::role::getRegisteredRole)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
reg Returned VLAN: (undefined), Role: (undefined)
(pf::role::fetchRoleForNode)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
 (pf::Switch::getVlanByName)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
771.
 (pf::Switch::getVlanByName)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.24
(pf::Switch::getVlanByName)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN
assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 0
(pf::radius::authorize)
May  3 08:32:00 PacketFence-ZEN pfqueue: pfqueue(8538) INFO:
[mac:unknown] undefined source id provided
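
The sequence visible in the log above (no role returned, an empty VLAN parameter lookup, then the port set to VLAN 0) can be pulled out of a mail-wrapped log automatically. The following is an added example, not part of the original thread or of PacketFence: it rejoins wrapped records and reports those three events per MAC. The finding names are this example's own, the matched strings are copied from the log lines above, and the sample log is constructed.

```python
import re
from collections import defaultdict

# A record starts with a syslog timestamp; other lines are wrapped tails.
RECORD_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
FIELDS = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} [\d:]{8}) \S+ [\w.]+: .*?"
    r"(?:INFO|WARN|ERROR): \[mac:(?P<mac>[^\]]*)\] (?P<msg>.*?)"
    r"(?: \((?P<func>pf::[\w:]+)\))?$"
)
# (finding, emitting function, message pattern); finding names are ours.
RULES = [
    ("no_role", "pf::role::fetchRoleForNode", r"Role: \(undefined\)"),
    ("missing_vlan_param", "pf::Switch::getVlanByName", r"No parameter Vlan found"),
    ("vlan_zero", "pf::radius::authorize",
     r"Setting VLAN with SNMP on \([\d.]+\) ifIndex \d+ to 0$"),
]

# Constructed sample, wrapped the way the logs in this thread are.
SAMPLE = """\
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:02:00:00:00:00:01] PID: "user@example.lab", Status:
reg Returned VLAN: (undefined), Role: (undefined)
(pf::role::fetchRoleForNode)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:02:00:00:00:00:01] No parameter Vlan found in
conf/switches.conf for the switch 10.0.0.24 (pf::Switch::getVlanByName)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:02:00:00:00:00:01] Switch doesn't support Dynamic VLAN
assignment. Setting VLAN with SNMP on (10.0.0.24) ifIndex 12 to 0
(pf::radius::authorize)
May  3 08:33:04 PacketFence-ZEN pfipset[2121]:
t=2018-05-03T08:33:04+ lvl=info msg="Reloading ipsets" pid=2121
"""

def join_wrapped(text):
    """Rebuild one string per log record from mail-wrapped lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Map MAC -> [(timestamp, finding)] for records matching RULES."""
    findings = defaultdict(list)
    for record in join_wrapped(text):
        m = FIELDS.match(record)
        if not m:
            continue  # other daemons (e.g. pfipset) use another layout
        for name, func, pattern in RULES:
            if m["func"] == func and re.search(pattern, m["msg"]):
                findings[m["mac"]].append((m["ts"], name))
    return dict(findings)

if __name__ == "__main__":
    print(triage(SAMPLE))
```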

[PacketFence-users] Problem with Fingerbank Gui

2018-05-03 Thread Meiser Tobias via PacketFence-users
Hello,

we have updated our ZEN to PF 8.0 last week. Since then we are not able to 
access Configuration ->Compliance-> Fingerbank Profiling General Settings. The 
Gui keeps saying "Error! An error occured while contacting the server. Please 
try again later".

I don't know if there is a relation to messages in Packetfence.log

May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189) ERROR: 
[mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device information for 
8c:dc:d4:51:df:93. Device profiling rules relying on it will not work. 
(DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db 
prepare_cached failed: file is encrypted or is not a database [for Statement 
"SELECT COUNT( * ) FROM device me WHERE ( name = ? )"] at 
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433) (pf::node::fingerbank_info)

And

May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac: 
xx:xx:xx:xx:xx:xx] Error handling fingerbank_process : 
DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db 
prepare_cached failed: file is encrypted or is not a database [for Statement 
"SELECT COUNT( * ) FROM dhcp_fingerprint me WHERE ( value = ? )"] at 
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433 (pf::api::can_fork::notify)


Fingerbank.conf:

[upstream]
api_key=xx
use_https=disabled

[proxy]
use_proxy=enabled
host=http://XX.XXX.XXX.XXX
port=8080
verify_ssl=disabled


Any Ideas ?


Best Regards

Tobias Meiser



[PacketFence-users] New go binaries and pf-maint

2018-05-03 Thread Cristian Mammoli via PacketFence-users
Before 8.0 I simply ran addons/pf-maint.pl, applied the patches and 
restarted the services.

What do I do now that there are Go binaries involved? I see pf-maint.pl 
patches the sources in go/ and there is an addons/packages/build-go.sh


Do I have to run that?

Ty
