[PacketFence-users] PacketFence-PKI Installation Problems

2019-04-29 Thread Simon Bone via PacketFence-users
I'm attempting to install PacketFence-PKI on a Debian 8.11 Jessie but
running into problems.

I'm following 3.1.4 from the installation instructions (
https://packetfence.org/doc/PacketFence_PKI_Quick_Install_Guide.html) but
get the following error messages when running the apt-get command:

*command: *
sudo apt-get install packetfence-pki

*errors:*
Err http://inverse.ca/downloads/PacketFence/debian/ wheezy/wheezy
python-django-bootstrap3 all 5.4.0-1
  404  Not Found [IP: 192.95.20.194 80]
Err http://inverse.ca/downloads/PacketFence/debian/ wheezy/wheezy
packetfence-pki all 1.0.4
  404  Not Found [IP: 192.95.20.194 80]
Unable to correct missing packages.
E: Failed to fetch
http://inverse.ca/downloads/PacketFence/debian/pool/wheezy/d/django-bootstrap3/python-django-bootstrap3_5.4.0-1_all.deb
404  Not Found [IP: 192.95.20.194 80]

E: Failed to fetch
http://inverse.ca/downloads/PacketFence/debian/pool/wheezy/p/packetfence-pki/packetfence-pki_1.0.4_all.deb
404  Not Found [IP: 192.95.20.194 80]

E: Aborting install.

I found this post that discusses a similar issue but it doesn't appear to
have been resolved:
https://sourceforge.net/p/packetfence/mailman/message/35907472/

Any advice on how to work around this issue would be greatly appreciated!

Thanks
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


[PacketFence-users] Password of the day change time

2019-04-29 Thread Eric Rolleman via PacketFence-users
How do I set when PacketFence changes the password?

I have a weekly password change set up using the Password of the day feature. I 
want the change to happen every Monday early morning.

Thank you.


Re: [PacketFence-users] JSON error Go Struct - Inline mode

2019-04-29 Thread Fabrice Durand via PacketFence-users

It will be in 9.

On 19-04-29 at 11:04, Thomas OLIVIER via PacketFence-users wrote:
Will PF support Debian 9 in the next minor release or in the next 
major 9.0 ?



Thomas.

On 29/04/2019 15:10, Fabrice Durand via PacketFence-users wrote:

Hello Thomas,

I just pushed the patch in devel.

Btw, thanks for testing on Debian 9 ;-)

Regards

Fabrice


On 19-04-29 at 08:58, Thomas OLIVIER via PacketFence-users wrote:

Hello,

You rock Fabrice! It works! Thanks for your help :-))

There was the same error for the first function called 
"iptables_mark_node"



--- lib/pf/ipset.pm    2019-04-29 12:29:05.170883782 +0200
+++ lib/pf/ipset.pm.orig    2019-04-29 11:12:09.543421923 +0200
@@ -316,14 +316,14 @@
call_ipsetd("/ipset/mark_layer3?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog
 });
 } else {
call_ipsetd("/ipset/mark_layer2?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog,
 "mac" => $mac
 });
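Review bot: the file headers of this diff are swapped: `---` names the patched lib/pf/ipset.pm and `+++` names lib/pf/ipset.pm.orig, so both `role_id` lines in this hunk read as removing the `"".$role_id` coercion instead of adding it. Regenerate with the original first (diff -u lib/pf/ipset.pm.orig lib/pf/ipset.pm) so the hunk applies in the intended direction.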
@@ -410,13 +410,13 @@
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 } else {
call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 }
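Review bot: the first context line of this hunk, `if ($ConfigNetworks{$network}{'type'} =~`, is broken across two lines as posted, so the context no longer matches a single source line and patch would reject the hunk. Attach the diff to the mail or disable line wrapping in the mail client before sending.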


Have a nice day!

Thomas.


On 26/04/2019 16:30, Fabrice Durand via PacketFence-users wrote:

Hello Thomas,

can you try that:

diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm
index 63273f6c45..fcdb41872a 100644
--- a/lib/pf/ipset.pm
+++ b/lib/pf/ipset.pm
@@ -410,13 +410,13 @@ sub update_node {
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 } else {
call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 }
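Review bot: `"".$id` on both `role_id` lines turns an undefined `$id` into an empty string, so the request would go out with an empty role id instead of failing visibly on the Perl side. Check `defined $id` before calling `call_ipsetd`, and add a one-line comment saying why the value is forced to a string, since the concatenation looks like a no-op to the next reader.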


Regards

Fabrice


On 19-04-25 at 13:16, Thomas OLIVIER via PacketFence-users wrote:

Hi All,

There is an issue on my fresh install of PF with Debian 9.

With inline mode all is fine until I want to log in; after validating 
the login form I get a lot of errors in the log and ipset is not 
updated.



Is it a bug?



Thomas.



Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] Instantiate 
profile TEMPLATE (pf::Connection::ProfileFactory::_from_profile)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] No provisioner 
found for 00:90:4b:6a:5c:39. Continuing. 
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 

Re: [PacketFence-users] JSON error Go Struct - Inline mode

2019-04-29 Thread Thomas OLIVIER via PacketFence-users
Will PF support Debian 9 in the next minor release or in the next major 
9.0 ?



Thomas.

On 29/04/2019 15:10, Fabrice Durand via PacketFence-users wrote:

Hello Thomas,

I just pushed the patch in devel.

Btw, thanks for testing on Debian 9 ;-)

Regards

Fabrice


On 19-04-29 at 08:58, Thomas OLIVIER via PacketFence-users wrote:

Hello,

You rock Fabrice! It works! Thanks for your help :-))

There was the same error for the first function called 
"iptables_mark_node"



--- lib/pf/ipset.pm    2019-04-29 12:29:05.170883782 +0200
+++ lib/pf/ipset.pm.orig    2019-04-29 11:12:09.543421923 +0200
@@ -316,14 +316,14 @@
 call_ipsetd("/ipset/mark_layer3?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog
 });
 } else {
 call_ipsetd("/ipset/mark_layer2?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog,
 "mac" => $mac
 });
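Review bot: the `"".$role_id` coercion is spelled out separately in the `mark_layer3` and `mark_layer2` calls here, and again in the two `mark_ip_*` calls of the next hunk, which makes it easy to miss the next caller. Do the coercion once, inside `call_ipsetd` or in a small helper that builds the payload.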
@@ -410,13 +410,13 @@
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 } else {
call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 }
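Review bot: the hunk header `@@ -410,13 +410,13 @@` carries no function name, and the context here passes `$src_ip` where the patch proposed earlier in the thread shows `$srcip` on the same lines, so it is not clear both diffs are against the same revision. Generate the diff with diff -up and state the PacketFence version it was taken from.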


Have a nice day!

Thomas.


On 26/04/2019 16:30, Fabrice Durand via PacketFence-users wrote:

Hello Thomas,

can you try that:

diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm
index 63273f6c45..fcdb41872a 100644
--- a/lib/pf/ipset.pm
+++ b/lib/pf/ipset.pm
@@ -410,13 +410,13 @@ sub update_node {
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 } else {
call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 }
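Review bot: only the two calls inside `sub update_node` are changed, so any other `call_ipsetd` caller that passes a role id without the coercion keeps the old behaviour. Search lib/pf/ipset.pm for every `"role_id" =>` and fix them in the same commit.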


Regards

Fabrice


On 19-04-25 at 13:16, Thomas OLIVIER via PacketFence-users wrote:

Hi All,

There is an issue on my fresh install of PF with Debian 9.

With inline mode all is fine until I want to log in; after validating 
the login form I get a lot of errors in the log and ipset is not 
updated.



Is it a bug?



Thomas.



Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] Instantiate 
profile TEMPLATE (pf::Connection::ProfileFactory::_from_profile)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] No provisioner 
found for 00:90:4b:6a:5c:39. Continuing. 
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] 

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread pro fence via PacketFence-users
Fabrice,
here is what I have after issuing your commands:

tcp  0  0  registration_vlan_ip:80   0.0.0.0:*        LISTEN       7758/haproxy
tcp  0  0  isolation_vlan_ip:80      0.0.0.0:*        LISTEN       7758/haproxy
tcp  0  0  127.0.0.1:80              0.0.0.0:*        LISTEN       9239/httpd
tcp  0  0  127.0.0.1:80              127.0.0.1:43622  SYN_RECV     -
tcp  0  0  127.0.0.1:8080            0.0.0.0:*        LISTEN       7877/perl
tcp  0  0  127.0.0.1:8080            127.0.0.1:43946  TIME_WAIT    -
tcp  0  0  127.0.0.1:8080            127.0.0.1:44226  ESTABLISHED  8288/perl
tcp  0  0  127.0.0.1:44226           127.0.0.1:8080   ESTABLISHED  7883/pfhttpd


tcp  0  0  registration_vlan_ip:443  0.0.0.0:*        LISTEN       7758/haproxy
tcp  0  0  isolation_vlan_ip:443     0.0.0.0:*        LISTEN       7758/haproxy

On Mon, 29 Apr 2019 at 15:54, pro fence  wrote:

> Hello Fabrice,
>
> thank you, here it is, i skipped the "alerting" section
>
> #Subject prefix for email notifications of rogue DHCP servers, violations with an action of "email", or any other
> #PacketFence-related message.
> subjectprefix=[PF Alertt]
>
> [captive_portal]
> #
> # captive_portal.network_detection_ip
> #
> # This IP is used as the webserver who hosts the common/network-access-detection.gif which is used to detect if network
> # access was enabled.
> # It cannot be a domain name since it is used in registration or quarantine where DNS is blackholed.
> # It is recommended that you allow your users to reach your packetfence server and put your LAN's PacketFence IP.
> # By default we will make this reach PacketFence's website as an easy solution.
> #
> network_detection_ip=management_ip
>
> [active_active]
> #
> # active_active.password
> #
> # Shared KEY for vrrp protocol (Must be the same on all members).
> password=pwd
>
> [interface eth0]
> ip=management_ip
> type=management,portal,high-availability
> mask=255.255.0.0
>
> [interface eth1]
> enforcement=vlan
> ip=registration_vlan_ip
> type=internal
> mask=255.255.0.0
>
> [interface eth2]
> enforcement=vlan
> ip=isolation_vlan_ip
> type=internal
> mask=255.255.0.0
>
> I will run the commands and let you know
> Regards
>
>
> On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Pro,
>>
>> haproxy is the process that is supposed to listen on port 80 and 443.
>>
>> It looks like the configuration is not correctly generated.
>>
>> Can you paste your pf.conf
>>
>> and do that:
>>
>> pfcmd pfconfig clear_backend
>>
>> pfcmd configreload hard
>>
>> pfcmd service haproxy-portal restart
>>
>> pfcmd service iptables restart
>>
>>
>> Regards
>>
>> Fabrice
>>
>>
>> On 19-04-29 at 09:39, pro fence via PacketFence-users wrote:
>>
>> Hi,
>>
>> thanks for the reply, I have already done that.
>> Here is what I have:
>>
>>
>> tcp  0  0  127.0.0.1:80                 0.0.0.0:*        LISTEN     9239/httpd
>> tcp  0  0  127.0.0.1:80                 127.0.0.1:33796  SYN_RECV   -
>> tcp  0  0  registration_vlan_ip:80      0.0.0.0:*        LISTEN     8662/haproxy
>> tcp  0  0  isolation_vlan_ip:80         0.0.0.0:*        LISTEN     8662/haproxy
>> tcp  0  0  127.0.0.1:8080               0.0.0.0:*        LISTEN     7877/perl
>> tcp  0  0  127.0.0.1:8080               127.0.0.1:34264  TIME_WAIT  -
>>
>> tcp  0  0  10.registration_vlan_ip:443  0.0.0.0:*        LISTEN     8662/haproxy
>> tcp  0  0  10.isolation_vlan_ip:443     0.0.0.0:*        LISTEN     8662/haproxy
>>
>> the problem is that the portal url (on the switch role config) is as
>> follows http://magement_ip/Cisco::WLC
>>
>> so when i use my ssid to connect it can't show the portal as a telnet
>> management_ip 80 doesn't work.
>> I am new to packetfence so i don't know how a working config should
>> behave. I am using a personalised ssl certificate and i have the file
>> server.pem set along with server.crt and server.key and my
>> packetfence-haproxy-portal service is up as a matter of fact here my
>> running services :
>>
>> packetfence-api-frontend.service
>> loaded active running PacketFence API frontend Service
>>
>> packetfence-config.service
>> loaded active running PacketFence Config Service
>>
>> packetfence-haproxy-portal.service
>> loaded active running PacketFence HAProxy Load Balancer for the
>> captive portal
>>
>> packetfence-httpd.aaa.service
>> loaded active running PacketFence AAA Apache HTTP Server
>>
>> packetfence-httpd.dispatcher.service
>> loaded active running PacketFence HTTP Dispatcher
>>
>> packetfence-httpd.parking.service
>> loaded active running PacketFence Parking  Apache HTTP Server
>>
>> packetfence-httpd.portal.service
>> loaded active running PacketFence Captive Portal Apache HTTP
>> 

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread pro fence via PacketFence-users
Hello Fabrice,

thank you, here it is, i skipped the "alerting" section

#Subject prefix for email notifications of rogue DHCP servers, violations with an action of "email", or any other
#PacketFence-related message.
subjectprefix=[PF Alertt]

[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=management_ip

[active_active]
#
# active_active.password
#
# Shared KEY for vrrp protocol (Must be the same on all members).
password=pwd

[interface eth0]
ip=management_ip
type=management,portal,high-availability
mask=255.255.0.0

[interface eth1]
enforcement=vlan
ip=registration_vlan_ip
type=internal
mask=255.255.0.0

[interface eth2]
enforcement=vlan
ip=isolation_vlan_ip
type=internal
mask=255.255.0.0

I will run the commands and let you know
Regards


On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Pro,
>
> haproxy is the process that is supposed to listen on port 80 and 443.
>
> It looks like the configuration is not correctly generated.
>
> Can you paste your pf.conf
>
> and do that:
>
> pfcmd pfconfig clear_backend
>
> pfcmd configreload hard
>
> pfcmd service haproxy-portal restart
>
> pfcmd service iptables restart
>
>
> Regards
>
> Fabrice
>
>
> On 19-04-29 at 09:39, pro fence via PacketFence-users wrote:
>
> Hi,
>
> thanks for the reply, I have already done that.
> Here is what I have:
>
>
> tcp  0  0  127.0.0.1:80                 0.0.0.0:*        LISTEN     9239/httpd
> tcp  0  0  127.0.0.1:80                 127.0.0.1:33796  SYN_RECV   -
> tcp  0  0  registration_vlan_ip:80      0.0.0.0:*        LISTEN     8662/haproxy
> tcp  0  0  isolation_vlan_ip:80         0.0.0.0:*        LISTEN     8662/haproxy
> tcp  0  0  127.0.0.1:8080               0.0.0.0:*        LISTEN     7877/perl
> tcp  0  0  127.0.0.1:8080               127.0.0.1:34264  TIME_WAIT  -
>
> tcp  0  0  10.registration_vlan_ip:443  0.0.0.0:*        LISTEN     8662/haproxy
> tcp  0  0  10.isolation_vlan_ip:443     0.0.0.0:*        LISTEN     8662/haproxy
>
> the problem is that the portal url (on the switch role config) is as
> follows http://magement_ip/Cisco::WLC
>
> so when i use my ssid to connect it can't show the portal as a telnet
> management_ip 80 doesn't work.
> I am new to packetfence so i don't know how a working config should
> behave. I am using a personalised ssl certificate and i have the file
> server.pem set along with server.crt and server.key and my
> packetfence-haproxy-portal service is up as a matter of fact here my
> running services :
>
> packetfence-api-frontend.service
> loaded active running PacketFence API frontend Service
>
> packetfence-config.service
> loaded active running PacketFence Config Service
>
> packetfence-haproxy-portal.service
> loaded active running PacketFence HAProxy Load Balancer for the
> captive portal
>
> packetfence-httpd.aaa.service
> loaded active running PacketFence AAA Apache HTTP Server
>
> packetfence-httpd.dispatcher.service
> loaded active running PacketFence HTTP Dispatcher
>
> packetfence-httpd.parking.service
> loaded active running PacketFence Parking  Apache HTTP Server
>
> packetfence-httpd.portal.service
> loaded active running PacketFence Captive Portal Apache HTTP
> Server
>
> packetfence-httpd.webservices.service
> loaded active running PacketFence Webservices Apache HTTP Server
>
> packetfence-iptables.service
> loaded active running PacketFence Iptables configuration
>
> packetfence-mariadb.service
> loaded active running PacketFence MariaDB instance
>
> packetfence-netdata.service
> loaded active running Real time performance monitoring
>
> packetfence-pfdhcp.service
> loaded active running PacketFence GO DHCPv4 Server Daemon
>
> packetfence-pfdhcplistener.service
> loaded active running PacketFence DHCP Listener Service
>
> packetfence-pfdns.service
> loaded active running PacketFence GO DNS Server Daemon
>
> packetfence-pffilter.service
> loaded active running PacketFence pffilter Service
>
> packetfence-pfipset.service
> loaded active running PacketFence Ipset Daemon
>
> packetfence-pfmon.service
> loaded active running PacketFence pfmon Service
>
> packetfence-pfperl-api.service
> loaded active running PacketFence 

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread Fabrice Durand via PacketFence-users

Hello Pro,

haproxy is the process that is supposed to listen on port 80 and 443.

It looks like the configuration is not correctly generated.

Can you paste your pf.conf

and do that:

pfcmd pfconfig clear_backend

pfcmd configreload hard

pfcmd service haproxy-portal restart

pfcmd service iptables restart


Regards

Fabrice


On 19-04-29 at 09:39, pro fence via PacketFence-users wrote:

Hi,

thanks for the reply, I have already done that.
Here is what I have:


tcp  0  0  127.0.0.1:80                 0.0.0.0:*        LISTEN     9239/httpd
tcp  0  0  127.0.0.1:80                 127.0.0.1:33796  SYN_RECV   -
tcp  0  0  registration_vlan_ip:80      0.0.0.0:*        LISTEN     8662/haproxy
tcp  0  0  isolation_vlan_ip:80         0.0.0.0:*        LISTEN     8662/haproxy
tcp  0  0  127.0.0.1:8080               0.0.0.0:*        LISTEN     7877/perl
tcp  0  0  127.0.0.1:8080               127.0.0.1:34264  TIME_WAIT  -


tcp  0  0  10.registration_vlan_ip:443  0.0.0.0:*        LISTEN     8662/haproxy
tcp  0  0  10.isolation_vlan_ip:443     0.0.0.0:*        LISTEN     8662/haproxy


the problem is that the portal url (on the switch role config) is as 
follows http://magement_ip/Cisco::WLC


so when i use my ssid to connect it can't show the portal as a telnet 
management_ip 80 doesn't work.
I am new to packetfence so i don't know how a working config should 
behave. I am using a personalised ssl certificate and i have the file 
server.pem set along with server.crt and server.key and my  
packetfence-haproxy-portal service is up as a matter of fact here my 
running services :


packetfence-api-frontend.service loaded active running 
PacketFence API frontend Service
packetfence-config.service loaded active running 
PacketFence Config Service
packetfence-haproxy-portal.service loaded active running 
PacketFence HAProxy Load Balancer for the captive portal
packetfence-httpd.aaa.service loaded active running 
PacketFence AAA Apache HTTP Server
packetfence-httpd.dispatcher.service loaded active running 
PacketFence HTTP Dispatcher
packetfence-httpd.parking.service loaded active running 
PacketFence Parking Apache HTTP Server
packetfence-httpd.portal.service loaded active running 
PacketFence Captive Portal Apache HTTP Server
packetfence-httpd.webservices.service loaded active 
running PacketFence Webservices Apache HTTP Server
packetfence-iptables.service loaded active running 
PacketFence Iptables configuration
packetfence-mariadb.service loaded active running 
PacketFence MariaDB instance
packetfence-netdata.service loaded active running Real 
time performance monitoring
packetfence-pfdhcp.service loaded active running 
PacketFence GO DHCPv4 Server Daemon
packetfence-pfdhcplistener.service loaded active running 
PacketFence DHCP Listener Service
packetfence-pfdns.service loaded active running 
PacketFence GO DNS Server Daemon
packetfence-pffilter.service loaded active running 
PacketFence pffilter Service
packetfence-pfipset.service loaded active running 
PacketFence Ipset Daemon
packetfence-pfmon.service loaded active running 
PacketFence pfmon Service
packetfence-pfperl-api.service loaded active running 
PacketFence Unified API
packetfence-pfqueue.service loaded active running 
PacketFence pfqueue Service
packetfence-pfsso.service loaded active running 
PacketFence PFSSO Service
packetfence-pfstats.service loaded active running 
PacketFence Stats daemon
packetfence-radiusd-acct.service loaded active running 
PacketFence FreeRADIUS multi-protocol accounting server
packetfence-radiusd-auth.service loaded active running 
PacketFence FreeRADIUS authentication multi-protocol authentication server
packetfence-radsniff.service loaded active running 
PacketFence radsniff Service
packetfence-redis-cache.service loaded active running 
PacketFence Redis Cache Service

  packetfence-redis_queue.service

thanks in advance,
regards

On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users wrote:


Hello pro,

you just need to add an additional listening daemon on the
management interface:
https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces

Then restart packetfence.

Regards

Fabrice

On 19-04-29 at 08:49, pro fence via PacketFence-users wrote:

Hi,

Thanks for the reply, but I still don't see how to activate port
80 and 443 on management ip.

Any help is appreciated
Regards,

On Mon, 29 Apr 

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread pro fence via PacketFence-users
HI,

thanks for the reply, I have already done that.
Here is what I have:


tcp  0  0  127.0.0.1:80                 0.0.0.0:*        LISTEN     9239/httpd
tcp  0  0  127.0.0.1:80                 127.0.0.1:33796  SYN_RECV   -
tcp  0  0  registration_vlan_ip:80      0.0.0.0:*        LISTEN     8662/haproxy
tcp  0  0  isolation_vlan_ip:80         0.0.0.0:*        LISTEN     8662/haproxy
tcp  0  0  127.0.0.1:8080               0.0.0.0:*        LISTEN     7877/perl
tcp  0  0  127.0.0.1:8080               127.0.0.1:34264  TIME_WAIT  -

tcp  0  0  10.registration_vlan_ip:443  0.0.0.0:*        LISTEN     8662/haproxy
tcp  0  0  10.isolation_vlan_ip:443     0.0.0.0:*        LISTEN     8662/haproxy

the problem is that the portal url (on the switch role config) is as
follows http://magement_ip/Cisco::WLC

so when i use my ssid to connect it can't show the portal as a telnet
management_ip 80 doesn't work.
I am new to packetfence so i don't know how a working config should behave.
I am using a personalised ssl certificate and i have the file server.pem
set along with server.crt and server.key and my  packetfence-haproxy-portal
service is up as a matter of fact here my running services :

packetfence-api-frontend.service
loaded active running PacketFence API frontend Service

packetfence-config.service
loaded active running PacketFence Config Service

packetfence-haproxy-portal.service
loaded active running PacketFence HAProxy Load Balancer for the
captive portal

packetfence-httpd.aaa.service
loaded active running PacketFence AAA Apache HTTP Server

packetfence-httpd.dispatcher.service
loaded active running PacketFence HTTP Dispatcher

packetfence-httpd.parking.service
loaded active running PacketFence Parking  Apache HTTP Server

packetfence-httpd.portal.service
loaded active running PacketFence Captive Portal Apache HTTP
Server

packetfence-httpd.webservices.service
loaded active running PacketFence Webservices Apache HTTP Server

packetfence-iptables.service
loaded active running PacketFence Iptables configuration

packetfence-mariadb.service
loaded active running PacketFence MariaDB instance

packetfence-netdata.service
loaded active running Real time performance monitoring

packetfence-pfdhcp.service
loaded active running PacketFence GO DHCPv4 Server Daemon

packetfence-pfdhcplistener.service
loaded active running PacketFence DHCP Listener Service

packetfence-pfdns.service
loaded active running PacketFence GO DNS Server Daemon

packetfence-pffilter.service
loaded active running PacketFence pffilter Service

packetfence-pfipset.service
loaded active running PacketFence Ipset Daemon

packetfence-pfmon.service
loaded active running PacketFence pfmon Service

packetfence-pfperl-api.service
loaded active running PacketFence Unified API

packetfence-pfqueue.service
loaded active running PacketFence pfqueue Service

packetfence-pfsso.service
loaded active running PacketFence PFSSO Service

packetfence-pfstats.service
loaded active running PacketFence Stats daemon

packetfence-radiusd-acct.service
loaded active running PacketFence FreeRADIUS multi-protocol
accounting server

packetfence-radiusd-auth.service
loaded active running PacketFence FreeRADIUS authentication
multi-protocol authentication server

packetfence-radsniff.service
loaded active running PacketFence radsniff Service

packetfence-redis-cache.service
loaded active running PacketFence Redis Cache Service
  packetfence-redis_queue.service

thanks in advance,
regards

On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello pro,
>
> you just need to add an additional listening daemon on the management
> interface:
> https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces
>
> Then restart packetfence.
>
> Regards
>
> Fabrice
> On 19-04-29 at 08:49, pro fence via PacketFence-users wrote:
>
> Hi,
>
> Thanks for the reply, but I still don't see how to activate port 80 and 443
> on management ip.
>
> Any help is appreciated
> Regards,
>
> On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via PacketFence-users
>  wrote:
>
>>
>>
>> On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote:
>> > my packetfence server is not listening on port 80 on the management
>> > interface (and my portal is on that interface as per the installation
>> > guide), but it is listening on registration and isolation.
>> > changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless
>> > because it is lost on restart.
>>
>> You should be able to change this setting in pf.conf (see ports section).
>> --
>> 

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread Fabrice Durand via PacketFence-users

Hello pro,

you just need to add an additional listening daemon on the management 
interface:

https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces

Then restart packetfence.

Regards

Fabrice

On 19-04-29 at 08:49, pro fence via PacketFence-users wrote:

Hi,

Thanks for the reply, but I still don't see how to activate port 80 and 
443 on management ip.


Any help is appreciated
Regards,

On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via 
PacketFence-users wrote:




On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote:
> my packetfence server is not listening on port 80 on the management
> interface (and my portal is on that interface as per the installation
> guide), but it is listening on registration and isolation.
> changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless
> because it is lost on restart.

You should be able to change this setting in pf.conf (see ports
section).
-- 
Nicolas Quiniou-Briand

n...@inverse.ca   :: +1.514.447.4918 *140 
:: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)




--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



Re: [PacketFence-users] JSON error Go Struct - Inline mode

2019-04-29 Thread Fabrice Durand via PacketFence-users

Hello Thomas,

I just pushed the patch in devel.

Btw, thanks for testing on Debian 9 ;-)

Regards

Fabrice


On 19-04-29 at 08:58, Thomas OLIVIER via PacketFence-users wrote:

Hello,

You rock Fabrice! It works! Thanks for your help :-))

There was the same error for the first function called 
"iptables_mark_node"



--- lib/pf/ipset.pm    2019-04-29 12:29:05.170883782 +0200
+++ lib/pf/ipset.pm.orig    2019-04-29 11:12:09.543421923 +0200
@@ -316,14 +316,14 @@
 call_ipsetd("/ipset/mark_layer3?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog
 });
 } else {
 call_ipsetd("/ipset/mark_layer2?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog,
 "mac" => $mac
 });
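Review bot: the `mark_layer3` and `mark_layer2` payloads in this hunk differ only by the extra `"mac" => $mac` key, yet each hash is written out in full, so every fix to a shared key has to be made twice. Build the common hash once, add `mac` in the layer 2 branch, and pass it to `call_ipsetd` from one place.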
@@ -410,13 +410,13 @@
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

 call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 } else {
 call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 }
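Review bot: nothing in this hunk or the one above pins the type of `role_id` on the wire, so a later cleanup that drops the `"".` prefix as redundant would bring the error back unnoticed. Add a unit test that encodes the payload built for `mark_ip_layer3` and `mark_ip_layer2` and checks that `role_id` is emitted as a quoted string.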


Have a nice day!

Thomas.


On 26/04/2019 16:30, Fabrice Durand via PacketFence-users wrote:

Hello Thomas,

can you try that:

diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm
index 63273f6c45..fcdb41872a 100644
--- a/lib/pf/ipset.pm
+++ b/lib/pf/ipset.pm
@@ -410,13 +410,13 @@ sub update_node {
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 } else {
call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 }
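Review bot: the change is limited to the two call_ipsetd calls in update_node. The mark_layer3 and mark_layer2 calls around line 316 of the same file pass `$role_id` unconverted, as the follow-up diff in this thread shows, so they need the same `"".` prefix for the fix to be complete.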


Regards

Fabrice


On 19-04-25 at 13:16, Thomas OLIVIER via PacketFence-users wrote:

Hi All,

There is an issue on my fresh install of PF with Debian 9.

With inline mode all is fine until I want to log in; after validating 
the login form I get lots of errors in the log and ipset is not 
updated.



Is it a bug?



Thomas.



Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] Instantiate 
profile TEMPLATE (pf::Connection::ProfileFactory::_from_profile)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] No provisioner 
found for 00:90:4b:6a:5c:39. Continuing. 
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] security_event 
133 force-closed for 00:90:4b:6a:5c:39 
(pf::security_event::security_event_force_close)
Apr 25 

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread pro fence via PacketFence-users
Hi,

Thanks for the reply, but I still don't see how to activate ports 80 and 443
on the management IP.

Any help is appreciated
Regards,

On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

>
>
> On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote:
> > my packetfence server is not listening on port 80 on the management
> > interface (and my portal is on that interface as per the installation
> > guide), but it is listening on registration and isolation.
> > changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless
> > because it is lost on restart.
>
> You should be able to change this setting in pf.conf (see ports section).
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>


Re: [PacketFence-users] JSON error Go Struct - Inline mode

2019-04-29 Thread Thomas OLIVIER via PacketFence-users

Hello,

You rock Fabrice! it works! Thanks for your help :-))

There was the same error for the first function called "iptables_mark_node"


--- lib/pf/ipset.pm    2019-04-29 12:29:05.170883782 +0200
+++ lib/pf/ipset.pm.orig    2019-04-29 11:12:09.543421923 +0200
@@ -316,14 +316,14 @@
 call_ipsetd("/ipset/mark_layer3?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog
 });
 } else {
 call_ipsetd("/ipset/mark_layer2?local=0",{
 "network" => $network,
 "type"    => $mark_type_to_str{$mark},
-    "role_id" => "".$role_id,
+    "role_id" => $role_id,
 "ip"  => $iplog,
 "mac" => $mac
 });
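Review bot: the `"".$role_id` coercion on the `role_id` lines is repeated at every call_ipsetd call site, four times across these two hunks. Doing the conversion once, for example in a local variable before the if/else or for the `role_id` key inside call_ipsetd, would keep a later caller from sending the unconverted value again.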
@@ -410,13 +410,13 @@
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

 call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 } else {
 call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => "".$id,
+    "role_id" => $id,
 "ip"  => $src_ip
 });
 }
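Review bot: the first context line, `if ($ConfigNetworks{$network}{'type'} =~`, has been wrapped onto a second line and is followed by a blank line, so the hunk no longer matches its `@@ -410,13 +410,13 @@` header and will be rejected if applied from the mail. Sending the patch as an attachment or as a pull request would avoid the mail client's reflow.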


Have a nice day!

Thomas.


On 26/04/2019 16:30, Fabrice Durand via PacketFence-users wrote:

Hello Thomas,

can you try that:

diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm
index 63273f6c45..fcdb41872a 100644
--- a/lib/pf/ipset.pm
+++ b/lib/pf/ipset.pm
@@ -410,13 +410,13 @@ sub update_node {
  if ($ConfigNetworks{$network}{'type'} =~ 
/^$NET_TYPE_INLINE_L3$/i) {

 call_ipsetd("/ipset/mark_ip_layer3?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 } else {
 call_ipsetd("/ipset/mark_ip_layer2?local=0",{
 "network" => $network,
-    "role_id" => $id,
+    "role_id" => "".$id,
 "ip"  => $srcip
 });
 }
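Review bot: `"".$id` on the two `role_id` lines does the job, but the intent is not visible from the code. A short comment saying that the value is forced to a string for the JSON sent to ipsetd would stop it being cleaned up later as a no-op. It is also worth checking the case where `$id` is undefined, since the concatenation then sends an empty string and warns under `use warnings`.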


Regards

Fabrice


On 19-04-25 at 13:16, Thomas OLIVIER via PacketFence-users wrote:

Hi All,

There is an issue on my fresh install of PF with Debian 9.

With inline mode all is fine until I want to log in; after validating 
the login form I get lots of errors in the log and ipset is not 
updated.



Is it a bug?



Thomas.



Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] Instantiate profile 
TEMPLATE (pf::Connection::ProfileFactory::_from_profile)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] No provisioner 
found for 00:90:4b:6a:5c:39. Continuing. 
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] User cj-1023 has 
authenticated on the portal. (Class::MOP::Class:::after)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] security_event 
133 force-closed for 00:90:4b:6a:5c:39 
(pf::security_event::security_event_force_close)
Apr 25 18:56:13 portailcaptif-wifi packetfence_httpd.portal: 
httpd.portal(71675) INFO: [mac:00:90:4b:6a:5c:39] Instantiate profile 
TEMPLATE 
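
Added example, not code from PacketFence or from anyone in this thread: the patch above forces role_id to a string before it is sent to ipsetd, and the thread subject names a JSON error on a Go struct. The sketch shows the decode failure a numeric role_id causes against a string field, and a receiving-side type that accepts either form; the structs, the flexID type and the sample bodies are hypothetical, and only the field names network, role_id and ip come from the patch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// markReq is hypothetical; only the JSON field names come from the patch.
type markReq struct {
	Network string `json:"network"`
	RoleID  string `json:"role_id"`
	IP      string `json:"ip"`
}

// flexID accepts a JSON string or an integer and stores it as a string.
type flexID string

func (f *flexID) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err == nil {
		*f = flexID(s)
		return nil
	}
	var n json.Number
	if err := json.Unmarshal(b, &n); err != nil {
		return fmt.Errorf("role_id: want string or integer, got %s", b)
	}
	if _, err := strconv.ParseInt(n.String(), 10, 64); err != nil {
		return fmt.Errorf("role_id: not an integer: %s", b)
	}
	*f = flexID(n.String())
	return nil
}

type markReqTolerant struct {
	RoleID flexID `json:"role_id"`
}

// Constructed bodies: role_id as a JSON number and as a JSON string.
const numericBody = `{"network":"192.0.2.0","role_id":1,"ip":"192.0.2.10"}`
const stringBody = `{"network":"192.0.2.0","role_id":"1","ip":"192.0.2.10"}`

func decodeStrict(body string) (string, error) {
	var r markReq
	err := json.Unmarshal([]byte(body), &r)
	return r.RoleID, err
}

func decodeTolerant(body string) (string, error) {
	var r markReqTolerant
	err := json.Unmarshal([]byte(body), &r)
	return string(r.RoleID), err
}

func main() {
	fmt.Println(decodeStrict(numericBody))
	fmt.Println(decodeTolerant(numericBody))
}
```

When the strict decode fails, the request is rejected and the node is never marked, which matches the "ipset is not updated" symptom reported at the start of the thread.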

Re: [PacketFence-users] Avaya ERS 3500 Vlan issue

2019-04-29 Thread Nicolas Quiniou-Briand via PacketFence-users

Hello Adrian,

1. What does PacketFence display in the Audit log for a RADIUS request sent by 
your Avaya switch?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)





Re: [PacketFence-users] How to avoid Anonymous identity.... 802.1x/radius issue

2019-04-29 Thread Nicolas Quiniou-Briand via PacketFence-users

Hello,

On 2019-04-28 9:53 p.m., Enrico via PacketFence-users wrote:

> Dear all,
>
> I’ve been writing lots of emails to this list, but I think this one is a 
> very important one, because I’d like to find better information about 
> the question of access logging.
>
> PacketFence is a software that allows a web access following an 
> authentication.

No, it's a bit more complex. PacketFence will grant access to the 
network after authentication and authorization steps. PacketFence 
relies on FreeRADIUS, so it's an AAA server.

> If the user doesn’t write his/her own username in the Identity field, 
> but rather specifies “anonymous” or something similar, PacketFence 
> records this information and then I can’t associate the connected 
> supplicant to the username that logged in.

This means you didn't configure PacketFence correctly.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)





Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

2019-04-29 Thread pro fence via PacketFence-users
Hi,

my PacketFence server is not listening on port 80 on the management
interface (and my portal is on that interface as per the installation
guide), but it is listening on registration and isolation.
Changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless because
it is lost on restart.

How can I add listening directives (on port 80 and 443) for my management
IP?

Regards

On Fri, 19 Apr 2019 at 19:01, pro fence  wrote:

> Hi,
>
> so, i found out that when i send a ping request to my packetfence server’s
> ip address (so the management interface) there is a time out because
> packetfence has created a route on the server for the registration Vlan
> with a 0.0.0.0 gateway :
>
> removing this route i am able to ping the server. on restart packetfence
> recreates that same route. all the other vlan are reachable except for the
> registration.
>
> thanks in advance for any help that i can get.
> Regards
>
> On Thursday, 18 April 2019, Ludovic Zammit  wrote:
>
>> Perfect :)
>>
>> Have a nice day!
>>
>>
>> Ludovic Zammit
>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>> On Apr 18, 2019, at 4:45 AM, pro fence  wrote:
>>
>> So I think I found the problem: communication problem between the VLAN
>> and the PacketFence server's network.
>>
>> Thanks again Ludovic for taking the time to help me 
>>
>> regards,
>>
>>
>> On Thu, 18 Apr 2019 at 09:58, pro fence  wrote:
>>
>>> yes i already tried that, thanks Ludovic.
>>>
>>> If anyone else had already stumbled on this issue, please let me know
>>>
>>> Regards,
>>>
>>> On Wed, 17 Apr 2019 at 18:59, Ludovic Zammit  wrote:
>>>
 You can do a portal preview via the connection profile section on the
 Packetfence web admin.

 Thanks

 On Apr 17, 2019, at 12:22 PM, pro fence  wrote:

 ok, thank you for your help.
 one last question, do you know if there is a way to test the
 redirection url on the packetfence server ? because i don’t know exactly
 what the final working redirected url should look like ?

 because i don’t think that a wget on
 http://packetfence_server/Cisco_WLC/sid

 On Wednesday, 17 April 2019, Ludovic Zammit  wrote:

> Those kind of issues are hard to troubleshoot.
>
> It would require a session to check all the configuration and the
> behaviour in real time as well.
>
> Thanks,
>
>
> Ludovic Zammit
> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
> On Apr 17, 2019, at 11:33 AM, pro fence  wrote:
>
> HI,
>
> it's on, the only difference is the DHCP, i have none, and per the
> logs above, an ip address is provided for the client. i have cisco wlc 
> 5508
> ios 8.3.141.0
>
> 
>
> Thank you Ludovic,
>
> On Wed, 17 Apr 2019 at 17:07, Ludovic Zammit 
> wrote:
>
>> Hello,
>>
>> Make sure you have the “Cisco ISE” or “Radius NAC” support enable on
>> your SSID config
>>
>> 
>>
>> Thanks,
>>
>>
>> Ludovic Zammit
>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>> On Apr 17, 2019, at 10:13 AM, pro fence  wrote:
>>
>> Hi,
>>
>> no nothing in httpd.portal.access nor  httpd.portal.error
>>
>> Thanks in advance for your help
>> Regards,
>>
>> On Wed, 17 Apr 2019 at 15:33, Ludovic Zammit 
>> wrote:
>>
>>> Hello,
>>>
>>> Do you see something in the logs/httpd.portal.access regarding your
>>> connection ?
>>>
>>> Thanks,
>>>
>>>
>>> Ludovic Zammit
>>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and 
>>> PacketFence (http://packetfence.org)
>>>
>>> On Apr 17, 2019, at 8:46 AM, pro fence  wrote:
>>>
>>> Hi Ludovic,
>>>
>>> thank you for your reply.
>>>
>>> Yes, on the management interface, the portal is added as an
>>> additionnal listening daemon.
>>> I think that it's an ACL issue on the WLC 5508; i have followed the
>>> network guide and here is what i have so far :
>>>
>>> 
>>>
>>> Thank you in advance,
>>> Regards,
>>>
>>>
>>> On Wed, 17 Apr 2019 at 13:55, Ludovic Zammit 
>>> wrote:
>>>
 Hello,

 You can ignore the inline message, it’s a Packetfence internal.

 Maybe your ACL Pre-Auth-For-WebRedirect is not configured

[PacketFence-users] Browser violation

2019-04-29 Thread Leandro Ude via PacketFence-users
Hello all, I'm having problems setting a browser violation (the goal is to
block Chrome).

In violations.conf.example it says: "Trigger format: The number is the ID
of the user-agent from the 'User Agent' list in Fingerbank (either
'upstream' or 'local' or both)"

And shows as an example:

   86 trigger=USER_AGENT::101,USER_AGENT::102


I'm having problems trying to find those IDs, either local or upstream.

https://fingerbank.inverse.ca/combinations doesn't show any ID
and local is empty.


Which browsers correspond to 101 and 102?

If I want to block Chrome, what IDs should I use, and where can I get this
information from?
Thanks


[PacketFence-users] How to avoid Anonymous identity.... 802.1x/radius issue

2019-04-29 Thread Enrico via PacketFence-users

 Dear all,

I’ve been writing lots of emails to this list, but I think this one is a 
very important one, because I’d like to find better information about 
the question of access logging.


Packetfence is a software that allows a web access following an 
authentication. Logging of these accesses is a very important question 
for me. Every log must be done in the correct way, always. In order to 
make a test, I created a profile for a cabled net which uses Free Radius 
as an authentication backend. Then there are some ProCurve switches, set 
up with 802.1X.


Access to the production VLAN is achieved through PacketFence, which, 
after authentication, assigns a tag to the port where the user comes 
from. The supplicant is set up with 802.1X.


It’s paramount for me to log these accesses through PacketFence. From 
what I saw, this software records everything inside its database and 
visualizes information through a Web interface. Unfortunately, this 
information isn’t always what I want. In my case, in 
fact, PacketFence actually “trusts” whatever the user writes in his/her 
own client configuration. 802.1X, as you know, asks to specify an 
identity and a username.


If the user doesn’t write his/her own username in the Identity field, 
but rather specifies “anonymous” or something similar, PacketFence 
records this information and then I can’t associate the connected 
supplicant to the username that logged in.


The possibility of distinguishing between Identity and Username, outer 
and inner tunnel, is well known and it’s useful in case of federated 
authentication. In my case, though, it can be dangerous. To solve this 
situation I introduced LDAP: specifically, I tried to create a network 
profile with an LDAP backend and to set up a switch with 802.1X by using 
PacketFence as the FreeRADIUS server. But in this case, too, both in logs 
and in the dashboard I can see the identity, but not the username.


Has anyone solved this problem?

Thanks again for your help.
Best Regards
Enrico


--
___

Enrico Becchetti        Servizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchettipg.infn.it
___
