date:20180509

Re: [PacketFence-users] new install, no internet

2018-05-09 Thread Fabrice Durand via PacketFence-users


Hello,

go in /usr/local/pf/conf and :

cp iptables.conf.example iptables.conf

then restart iptables.

Regards

Fabrice



Le 2018-05-09 à 14:55, Dominix Public Relation via PacketFence-users a 
écrit :

Thank you Fabrice, here is my iptables. seems empty.

[root@pf-wifi ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 51M packets, 9267M bytes)
 pkts bytes target     prot opt in     out     source         
 destination


Chain FORWARD (policy ACCEPT 5523 packets, 371K bytes)
 pkts bytes target     prot opt in     out     source         
 destination


Chain OUTPUT (policy ACCEPT 51M packets, 7495M bytes)
 pkts bytes target     prot opt in     out     source         
 destination

[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 33869 packets, 5824K bytes)
 pkts bytes target     prot opt in     out     source         
 destination


Chain INPUT (policy ACCEPT 30606 packets, 5460K bytes)
 pkts bytes target     prot opt in     out     source         
 destination


Chain OUTPUT (policy ACCEPT 232K packets, 35M bytes)
 pkts bytes target     prot opt in     out     source         
 destination


Chain POSTROUTING (policy ACCEPT 234K packets, 35M bytes)
 pkts bytes target     prot opt in     out     source         
 destination

[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]# ipset -L
Name: parking
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 0
Members:

Name: PF-iL2_ID1_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID2_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID3_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID4_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID5_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: pfsession_Unreg_192.168.27.0
Type: bitmap:ip,mac
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 4272
References: 0
Members:
192.168.27.10,E0:66:78:CC:46:22
192.168.27.11,C0:D3:C0:BD:26:13
192.168.27.12,9C:E0:63:56:CC:0A
192.168.27.13,14:9F:3C:86:2A:B1
192.168.27.14,24:A2:E1:DE:9F:2C
192.168.27.15,40:B3:95:22:7A:C0
192.168.27.17,30:10:E4:20:40:8A
192.168.27.18,CC:73:14:2B:26:B6
192.168.27.20,8C:99:E6:C6:8F:26
192.168.27.21,20:08:ED:30:D4:40
192.168.27.23,AC:AF:B9:8D:E1:EE
192.168.27.27,E8:50:8B:BE:A1:68
192.168.27.30,58:1F:28:CA:A5:BB
192.168.27.31,F0:43:47:96:92:B6
192.168.27.32,2C:CB:23:12:0B:4C
192.168.27.33,AC:5F:3E:67:E2:BA
192.168.27.34,B0:E1:7E:30:0C:94
192.168.27.37,54:B1:21:D4:A9:19
192.168.27.38,08:81:BC:35:BF:A8
192.168.27.39,6C:B7:49:07:F7:E1
192.168.27.40,88:6B:6E:05:2C:A7
192.168.27.41,BC:54:51:52:47:34
192.168.27.42,40:9F:38:E2:C2:A5
192.168.27.43,A8:C8:3A:6A:D2:66
192.168.27.44,C4:9A:02:67:C9:19
192.168.27.45,34:8A:7B:26:BD:90
192.168.27.46,7C:F9:0E:EC:FB:BF
192.168.27.48,40:45:DA:C8:36:92
192.168.27.49,84:98:66:7D:63:05
192.168.27.50,88:C9:D0:F0:79:33
192.168.27.52,D4:28:D5:EC:F0:B0
192.168.27.53,D8:5B:2A:D3:21:B7
192.168.27.54,00:27:15:DD:5E:3F
192.168.27.55,00:F8:1C:E8:C1:0B
192.168.27.56,E0:99:71:9D:81:D3
192.168.27.62,5C:97:F3:7C:94:66
192.168.27.76,24:A2:E1:DC:A2:E6

Name: pfsession_Reg_192.168.27.0
Type: bitmap:ip,mac
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 4272
References: 0
Members:

Name: pfsession_Isol_192.168.27.0
Type: bitmap:ip,mac
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 4272
References: 0
Members:

Name: pfsession_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 0
Members:

Name: pfsession_isol_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 0
Members:
[root@pf-wifi ~]#



this drive me to conclude that iptables has a problem...

[root@pf-wifi ~]# systemctl status packetfence-iptables -l
● packetfence-iptables.service - PacketFence Iptables configuration
   Loaded: loaded 
(/usr/lib/systemd/system/packetfence-iptables.service; enabled; vendor 
preset: disabled)
   Active: active (exited) since lun. 2018-05-07 16:37:41 -10; 1 day 
16h ago

 Main PID: 816 (code=exited, status=0/SUCCESS)
   CGroup: /packetfence.slice/packetfence-iptables.service

mai 07 16:37:41 pf-wifi.sdec-hyperu.pf  
packetfence[816]: INFO -e(816): building firewall to accept registered 
users through inline interface (pf::iptables::generate_inline_rules)
mai 07 16:37:41 pf-wifi.sdec-hyperu.pf

Re: [PacketFence-users] new install, no internet

2018-05-09 Thread Dominix Public Relation via PacketFence-users

Thank you Fabrice, here is my iptables. seems empty.

[root@pf-wifi ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 51M packets, 9267M bytes)
 pkts bytes target prot opt in out source
 destination

Chain FORWARD (policy ACCEPT 5523 packets, 371K bytes)
 pkts bytes target prot opt in out source
 destination

Chain OUTPUT (policy ACCEPT 51M packets, 7495M bytes)
 pkts bytes target prot opt in out source
 destination
[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 33869 packets, 5824K bytes)
 pkts bytes target prot opt in out source
 destination

Chain INPUT (policy ACCEPT 30606 packets, 5460K bytes)
 pkts bytes target prot opt in out source
 destination

Chain OUTPUT (policy ACCEPT 232K packets, 35M bytes)
 pkts bytes target prot opt in out source
 destination

Chain POSTROUTING (policy ACCEPT 234K packets, 35M bytes)
 pkts bytes target prot opt in out source
 destination
[root@pf-wifi ~]#
[root@pf-wifi ~]#
[root@pf-wifi ~]# ipset -L
Name: parking
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 0
Members:

Name: PF-iL2_ID1_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID2_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID3_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID4_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: PF-iL2_ID5_192.168.27.0
Type: bitmap:ip
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 184
References: 0
Members:

Name: pfsession_Unreg_192.168.27.0
Type: bitmap:ip,mac
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 4272
References: 0
Members:
192.168.27.10,E0:66:78:CC:46:22
192.168.27.11,C0:D3:C0:BD:26:13
192.168.27.12,9C:E0:63:56:CC:0A
192.168.27.13,14:9F:3C:86:2A:B1
192.168.27.14,24:A2:E1:DE:9F:2C
192.168.27.15,40:B3:95:22:7A:C0
192.168.27.17,30:10:E4:20:40:8A
192.168.27.18,CC:73:14:2B:26:B6
192.168.27.20,8C:99:E6:C6:8F:26
192.168.27.21,20:08:ED:30:D4:40
192.168.27.23,AC:AF:B9:8D:E1:EE
192.168.27.27,E8:50:8B:BE:A1:68
192.168.27.30,58:1F:28:CA:A5:BB
192.168.27.31,F0:43:47:96:92:B6
192.168.27.32,2C:CB:23:12:0B:4C
192.168.27.33,AC:5F:3E:67:E2:BA
192.168.27.34,B0:E1:7E:30:0C:94
192.168.27.37,54:B1:21:D4:A9:19
192.168.27.38,08:81:BC:35:BF:A8
192.168.27.39,6C:B7:49:07:F7:E1
192.168.27.40,88:6B:6E:05:2C:A7
192.168.27.41,BC:54:51:52:47:34
192.168.27.42,40:9F:38:E2:C2:A5
192.168.27.43,A8:C8:3A:6A:D2:66
192.168.27.44,C4:9A:02:67:C9:19
192.168.27.45,34:8A:7B:26:BD:90
192.168.27.46,7C:F9:0E:EC:FB:BF
192.168.27.48,40:45:DA:C8:36:92
192.168.27.49,84:98:66:7D:63:05
192.168.27.50,88:C9:D0:F0:79:33
192.168.27.52,D4:28:D5:EC:F0:B0
192.168.27.53,D8:5B:2A:D3:21:B7
192.168.27.54,00:27:15:DD:5E:3F
192.168.27.55,00:F8:1C:E8:C1:0B
192.168.27.56,E0:99:71:9D:81:D3
192.168.27.62,5C:97:F3:7C:94:66
192.168.27.76,24:A2:E1:DC:A2:E6

Name: pfsession_Reg_192.168.27.0
Type: bitmap:ip,mac
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 4272
References: 0
Members:

Name: pfsession_Isol_192.168.27.0
Type: bitmap:ip,mac
Revision: 1
Header: range 192.168.27.0-192.168.27.255
Size in memory: 4272
References: 0
Members:

Name: pfsession_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 0
Members:

Name: pfsession_isol_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 0
Members:
[root@pf-wifi ~]#



this drive me to conclude that iptables has a problem...

[root@pf-wifi ~]# systemctl status packetfence-iptables -l
● packetfence-iptables.service - PacketFence Iptables configuration
   Loaded: loaded (/usr/lib/systemd/system/packetfence-iptables.service;
enabled; vendor preset: disabled)
   Active: active (exited) since lun. 2018-05-07 16:37:41 -10; 1 day 16h ago
 Main PID: 816 (code=exited, status=0/SUCCESS)
   CGroup: /packetfence.slice/packetfence-iptables.service

mai 07 16:37:41 pf-wifi.sdec-hyperu.pf packetfence[816]: INFO -e(816):
building firewall to accept registered users through inline interface
(pf::iptables::generate_inline_rules)
mai 07 16:37:41 pf-wifi.sdec-hyperu.pf sudo[1852]: root : TTY=unknown ;
PWD=/ ; USER=root ; COMMAND=/sbin/ip route get 8.8.8.8 from 192.168.27.1
mai 07 16:37:41 pf-wifi.sdec-hyperu.pf packetfence[816]: INFO -e(816):
Adding Forward rules to allow connections to the OAuth2 Providers and
passthrough. (pf::iptables::generate_passthrough_rules)
mai 07 16:37:41 pf-wifi.sdec-hyperu.pf

Re: [PacketFence-users] Packetfence-8.0.0 logging to /var/log/messages

2018-05-09 Thread Fabrice Durand via PacketFence-users


Hello Samuel,

it's probably because you use syslog-ng instead of rsyslog.

Regards

Fabrice



Le 2018-05-09 à 11:37, Samuel Chege a écrit :

Hi Fabrice,

I have restarted the syslog-ng daemon (since that is what I have on my 
system). Still nothing being logged to the individual log files. Thanks.


On 9 May 2018 at 18:21, Fabrice Durand via PacketFence-users 
> wrote:


Hello Samuel,

can you restart rsyslog ?

Regards

Fabrice



Le 2018-05-08 à 10:27, Samuel Chege via PacketFence-users a écrit :

Hi guys,

Since I upgraded from 7.4.0 to 8.0.0, all the services are
logging messages to /var/log/messages instead of the individual
service logging paths defined under
*/etc/rsyslog.d/packetfence.conf*.
Anyone who can help me figure out where the problem is? Thank you.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] new install, no internet

2018-05-09 Thread Fabrice Durand via PacketFence-users


Hello,

first for email registration, do you use the server as a relay or do you 
use an external smtp server ?


For internet access, can you paste the command:

iptables -L -n -v

iptables -L -n -v -t nat

ipset -L

Regards

Fabrice



Le 2018-05-09 à 05:19, Dominix Public Relation via PacketFence-users a 
écrit :
I am setting up a gateway to provide free wifi to customers, with only 
email registration.
the packetfence gateway is instaled on a Centos7.5 in a inline 
configuration.

internet access is OK, machine upgrade and reach internet.
people are ables to sign in, but then ... nothing more. after entering 
email and checking OK to the AUP they can not access the internet. no 
email is send either. But the email services are Ok, because I can 
receive alerts or orher things from the machine.


Wifi is managed by a third party, it is an open network. DHCP is 
provided by packetfence machine in version 8.0.0. I already have 
plenty of registered smartphone but none reach the internet.


could I have advice for were to search. it seem to be a trivial 
setting but I can not figure which one.


thanks or your time.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] packetfence 8.0 not biding LDAP and maybe radius is not working with the sponsor.

2018-05-09 Thread Fabrice Durand via PacketFence-users


Hello Rafael,

can you take a pcap when you try to bind the AD ?

I did some tests on my side and i am not able to reproduce the issue.

Also using a radius source for sponsor is not possible since PacketFence 
need to do a search for the sponsor.


Regards

Fabrice



Le 2018-05-08 à 17:54, Rafael Rocha via PacketFence-users a écrit :


Hello guys, I trying to configure the new version of packetfence, but 
for some reason I am not able to biding my AD.


The base DN, user bind DN did work with the other versions.

I am trying to use the sponsor module, making it mark the users of my 
ad as sponsor so when a guest come and fill the captive portal page 
they are able to receive the emails.


I did configure the radius source, but I am not sure how to make the 
sponsor module work with it, and with its already doing, why I am 
still getting '' x...@mydomain.com is not eable to sponsor".


How I can make this happen ?

Thanks in advence,

Kindly Rafael.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Redundant authentication sources

2018-05-09 Thread Fabrice Durand via PacketFence-users


Hello Cristian,

in fact you can set a comma delimited list of ip addresses in the source.

Regards

Fabrice



Le 2018-05-08 à 04:54, Cristian Mammoli via PacketFence-users a écrit :
Hi, what's the correct way to have redundant authentication sources? 
There is no way to specify multiple hosts.


I ended up declaring them twice with different servers and using both 
in connection profiles but I don't know if this is the correct way to go:


apra-machine-auth-dc01      Apra Machine authentication DC01 AD
apra-machine-auth-dc02      Apra Machine authentication DC02 AD
apra-user-auth-dc01      Apra Machine authentication DC01     AD
apra-user-auth-dc02      Apra Machine authentication DC02     AD

Thanks

C.

-- 


Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] packetfence 8.0 not biding LDAP and maybe radius is not working with the sponsor.

2018-05-09 Thread Rafael Rocha via PacketFence-users

Hello guys, I trying to configure the new version of packetfence, but for some 
reason I am not able to biding my AD.
The base DN, user bind DN did work with the other versions.

I am trying to use the sponsor module, making it mark the users of my ad as 
sponsor so when a guest come and fill the captive portal page they are able to 
receive the emails.

I did configure the radius source, but I am not sure how to make the sponsor 
module work with it, and with its already doing, why I am still getting '' 
x...@mydomain.com is not eable to sponsor".

How I can make this happen ?

Thanks in advence,
Kindly Rafael.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] new install, no internet

2018-05-09 Thread Dominix Public Relation via PacketFence-users

I am setting up a gateway to provide free wifi to customers, with only
email registration.
the packetfence gateway is instaled on a Centos7.5 in a inline
configuration.
internet access is OK, machine upgrade and reach internet.
people are ables to sign in, but then ... nothing more. after entering
email and checking OK to the AUP they can not access the internet. no email
is send either. But the email services are Ok, because I can receive alerts
or orher things from the machine.

Wifi is managed by a third party, it is an open network. DHCP is provided
by packetfence machine in version 8.0.0. I already have plenty of
registered smartphone but none reach the internet.

could I have advice for were to search. it seem to be a trivial setting but
I can not figure which one.

thanks or your time.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] new install, no internet

Re: [PacketFence-users] new install, no internet

Re: [PacketFence-users] Packetfence-8.0.0 logging to /var/log/messages

Re: [PacketFence-users] new install, no internet

Re: [PacketFence-users] packetfence 8.0 not biding LDAP and maybe radius is not working with the sponsor.

Re: [PacketFence-users] Redundant authentication sources

[PacketFence-users] packetfence 8.0 not biding LDAP and maybe radius is not working with the sponsor.

[PacketFence-users] new install, no internet

8 matches

Site Navigation

Mail list logo

Footer information