Re: [PacketFence-users] SG300 port showing up wrong

[Stuart Gendron via PacketFence-users]

Correct - it seems that the proper port for the SG300 switches is n-48
(where 48 is however many ports it has).

Is this a global change, or can be tied to the device profile itself?

On Tue, May 21, 2019 at 12:36 PM Fabrice Durand  wrote:

> Hello Stuart,
>
> yes it's possible but when you plug in the port 2 is it the port 50 who
> appear in the log ?
>
> Regards
>
> Fabrice
>
>
> Le 19-05-21 à 11 h 42, Stuart Gendron a écrit :
>
> Logs below:
>
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
> connection (106): Hit idle_timeout, was idle for 431977 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
> connection (108): Hit idle_timeout, was idle for 431977 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
> connection (107): Hit idle_timeout, was idle for 431977 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
> connection (105): Hit idle_timeout, was idle for 431977 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
> additional connection (109), 1 of 64 pending slots used
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more connections
> to reach min connections (3)
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
> additional connection (110), 1 of 63 pending slots used
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing
> connection (98): Hit idle_timeout, was idle for 431989 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing
> connection (97): Hit idle_timeout, was idle for 431977 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing
> connection (99): Hit idle_timeout, was idle for 431977 seconds
> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening
> additional connection (100), 1 of 64 pending slots used
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more connections
> to reach min connections (3)
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening
> additional connection (101), 1 of 63 pending slots used
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more connections
> to reach min connections (3)
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
> additional connection (111), 1 of 62 pending slots used
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac]
> Rejected user: 0c4de9b923ac
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected in
> post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli
> 0c:4d:e9:b9:23:ac)
> May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login incorrect:
> [0c4de9b923ac] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac)
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more connections
> to reach 10 spares
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
> additional connection (112), 1 of 61 pending slots used
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more connections
> to reach min connections (3)
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening
> additional connection (102), 1 of 62 pending slots used
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106)   Login OK:
> [testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac via
> TLS tunnel)
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac]
> Accepted user: testradius and returned VLAN 88
> May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login OK:
> [testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac)
>
> Looks like it's also sending port 49.
>
> Is there somewhere to make a modification where I can say $Port = $Port -
> 48 or something?
>
> On Thu, May 16, 2019 at 9:27 PM Durand fabrice  wrote:
>
>> Hello Stuart,
>>
>> it looks that the port is set to 49 in the radius request:
>>
>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request:
>> from switch_ip => (10.100.64.67), connection_type =>
>> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac =>
>> [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74"
>> (pf::radius::authorize)
>>
>> Are you able to check in the radius auditing what is the radius request
>> (with all the attributes) and paste it to me ?
>>
>> Regards
>>
>> Fabrice
>>
>>
>> Le 19-05-16 à 11 h 41, Stuart Gendron a écrit :
>>
>> Logs below:
>>
>> [root@youi-packetfence-p1 ~]# tail -f
>> /usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74
>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request:
>> from switch_ip => (10.100.64.67), connection_type =>
>> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac =>
>> [78:7b:8a:d3:ae:74], port => 49, username => 

Re: [PacketFence-users] SG300 port showing up wrong

[Durand fabrice via PacketFence-users]

So you can just change this line:

https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/SG300.pm#L91

with that:

return $NAS_port - 48;

My only concert is about other sg300 switches with let's say 24 port 

Last thing, can you do a snmpwalk on the oid 1.3.6.1.2.1.2.2.1.2 and 
paste the result ?


Regards

Fabrice


Le 19-05-21 à 13 h 24, Stuart Gendron a écrit :
Correct - it seems that the proper port for the SG300 switches is n-48 
(where 48 is however many ports it has).


Is this a global change, or can be tied to the device profile itself?

On Tue, May 21, 2019 at 12:36 PM Fabrice Durand > wrote:


Hello Stuart,

yes it's possible but when you plug in the port 2 is it the port
50 who appear in the log ?

Regards

Fabrice


Le 19-05-21 à 11 h 42, Stuart Gendron a écrit :

Logs below:

May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (106): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (108): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (107): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (105): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (109), 1 of 64 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more
connections to reach min connections (3)
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (110), 1 of 63 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Closing connection (98): Hit idle_timeout, was idle for 431989
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Closing connection (97): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Closing connection (99): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Opening additional connection (100), 1 of 64 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Opening additional connection (101), 1 of 63 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (111), 1 of 62 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]:
[mac:0c:4d:e9:b9:23:ac] Rejected user: 0c4de9b923ac
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected
in post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49
cli 0c:4d:e9:b9:23:ac)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login
incorrect: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more
connections to reach 10 spares
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (112), 1 of 61 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more
connections to reach min connections (3)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Opening additional connection (102), 1 of 62 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106)   Login
OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac via TLS tunnel)
May 21 11:40:02 youi-packetfence-p1 auth[25948]:
[mac:0c:4d:e9:b9:23:ac] Accepted user: testradius and returned
VLAN 88
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login
OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)

Looks like it's also sending port 49.

Is there somewhere to make a modification where I can say $Port =
$Port - 48 or something?

On Thu, May 16, 2019 at 9:27 PM Durand fabrice
mailto:fdur...@inverse.ca>> wrote:

Hello Stuart,

it looks that the port is set to 49 in the radius request:

May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius
autz request: from switch_ip => (10.100.64.67),
connection_type => Ethernet-NoEAP,switch_mac =>
(88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49,
username => "787b8ad3ae74" 

Re: [PacketFence-users] SG300 port showing up wrong

[Fabrice Durand via PacketFence-users]

Hello Stuart,

yes it's possible but when you plug in the port 2 is it the port 50 who 
appear in the log ?


Regards

Fabrice


Le 19-05-21 à 11 h 42, Stuart Gendron a écrit :

Logs below:

May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Closing connection (106): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Closing connection (108): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Closing connection (107): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Closing connection (105): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Opening additional connection (109), 1 of 64 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more 
connections to reach min connections (3)
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Opening additional connection (110), 1 of 63 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): 
Closing connection (98): Hit idle_timeout, was idle for 431989 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): 
Closing connection (97): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): 
Closing connection (99): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): 
Opening additional connection (100), 1 of 64 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more 
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest): 
Opening additional connection (101), 1 of 63 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more 
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Opening additional connection (111), 1 of 62 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: 
[mac:0c:4d:e9:b9:23:ac] Rejected user: 0c4de9b923ac
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected in 
post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli 
0c:4d:e9:b9:23:ac)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login 
incorrect: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli 
0c:4d:e9:b9:23:ac)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more 
connections to reach 10 spares
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql): 
Opening additional connection (112), 1 of 61 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more 
connections to reach min connections (3)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest): 
Opening additional connection (102), 1 of 62 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106) Login OK: 
[testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac 
via TLS tunnel)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: 
[mac:0c:4d:e9:b9:23:ac] Accepted user: testradius and returned VLAN 88
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login OK: 
[testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac)


Looks like it's also sending port 49.

Is there somewhere to make a modification where I can say $Port = 
$Port - 48 or something?


On Thu, May 16, 2019 at 9:27 PM Durand fabrice > wrote:


Hello Stuart,

it looks that the port is set to 49 in the radius request:

May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz
request: from switch_ip => (10.100.64.67), connection_type =>
Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac =>
[78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74"
(pf::radius::authorize)

Are you able to check in the radius auditing what is the radius
request (with all the attributes) and paste it to me ?

Regards

Fabrice


Le 19-05-16 à 11 h 41, Stuart Gendron a écrit :

Logs below:

[root@youi-packetfence-p1 ~]# tail -f
/usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius
autz request: from switch_ip => (10.100.64.67), connection_type
=> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac =>
[78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74"
(pf::radius::authorize)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:

Re: [PacketFence-users] SG300 port showing up wrong

[Stuart Gendron via PacketFence-users]

Logs below:

May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
connection (106): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
connection (108): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
connection (107): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing
connection (105): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
additional connection (109), 1 of 64 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more connections to
reach min connections (3)
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
additional connection (110), 1 of 63 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing
connection (98): Hit idle_timeout, was idle for 431989 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing
connection (97): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing
connection (99): Hit idle_timeout, was idle for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening
additional connection (100), 1 of 64 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more connections to
reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening
additional connection (101), 1 of 63 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more connections to
reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
additional connection (111), 1 of 62 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac]
Rejected user: 0c4de9b923ac
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected in
post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login incorrect:
[0c4de9b923ac] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more connections to
reach 10 spares
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening
additional connection (112), 1 of 61 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more connections to
reach min connections (3)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening
additional connection (102), 1 of 62 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106)   Login OK:
[testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac via
TLS tunnel)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac]
Accepted user: testradius and returned VLAN 88
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login OK:
[testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac)

Looks like it's also sending port 49.

Is there somewhere to make a modification where I can say $Port = $Port -
48 or something?

On Thu, May 16, 2019 at 9:27 PM Durand fabrice  wrote:

> Hello Stuart,
>
> it looks that the port is set to 49 in the radius request:
>
> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346)
> INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: from switch_ip
> => (10.100.64.67), connection_type => Ethernet-NoEAP,switch_mac =>
> (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49, username =>
> "787b8ad3ae74" (pf::radius::authorize)
>
> Are you able to check in the radius auditing what is the radius request
> (with all the attributes) and paste it to me ?
>
> Regards
>
> Fabrice
>
>
> Le 19-05-16 à 11 h 41, Stuart Gendron a écrit :
>
> Logs below:
>
> [root@youi-packetfence-p1 ~]# tail -f /usr/local/pf/logs/packetfence.log|
> grep 78:7b:8a:d3:ae:74
> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346)
> INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: from switch_ip
> => (10.100.64.67), connection_type => Ethernet-NoEAP,switch_mac =>
> (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49, username =>
> "787b8ad3ae74" (pf::radius::authorize)
> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346)
> INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile default
> (pf::Connection::ProfileFactory::_from_profile)
> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346)
> INFO: [mac:78:7b:8a:d3:ae:74] Match rule mac_lan:unknown_wired_mac_auth
> (pf::access_filter::test)
> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346)
> INFO: [mac:78:7b:8a:d3:ae:74] vlan filter match ; belongs into REJECT VLAN
> 

[PacketFence-users] Packetfence 8.3 - AD source causes Radius go down

[pro fence via PacketFence-users]

Hi,

after adding a new Active directory authentication source, the radius
services (acct and auth) are unable to restart, despite the fact that the
connection binding test succeeds in the authentication source (my user only
has the read right), i get the following error message :

rlm_ldap (AciveDirectory): Bind credentials incorrect: Invalid
credentialsrlm_ldap (AciveDirectory): Opening connection failed (0)
/usr/local/pf/raddb/mods-enabled/ldap_packetfence[5]: Instantiation failed
for module "AciveDirectory"

Do you have any idea ?
Any help is welcome,
Regards,
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] captive portal customization

[Domingos Varela via PacketFence-users]

Hi Nicolas,

1. I uploaded the logo in the folder you indicated,

2. but after changing the url in connection profile (through Captive Portal
tab) it does not show the logo;
I used this path in the url
/usr/local/pf/html/common/mylogo.png

Thanks

Cumprimentos,

*Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola


Nicolas Quiniou-Briand via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu no dia terça, 21/05/2019
à(s) 09:06:

> Hello,
>
> On 2019-05-20 4:11 p.m., Domingos Varela via PacketFence-users wrote:
> > Hi,
> >
> > Can someone help me customize the captive portal logo and the background
> > color, I tried via webpage to change the url of the logo, but it does
> > not work, is there another way to add the logo on the portal?
> > Thanks
>
> ### Logo
>
> 1. Upload your logo in /usr/local/pf/html/common
> 2. Use this logo in your connection profile (through Captive Portal tab)
>
> ### Background color
>
> On your connection profile, edit layout.html file and change
> background-color.
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] captive portal customization

[Domingos Varela via PacketFence-users]

It's working,
many thanks Nicolas
BR

Cumprimentos,

*Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola


Nicolas Quiniou-Briand  escreveu no dia terça, 21/05/2019
à(s) 09:51:

> Hi,
>
> On 2019-05-21 10:45 a.m., Domingos Varela wrote:
> > I used this path in the url /usr/local/pf/html/common/mylogo.png
>
> Replace by /common/mylogo.png
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] captive portal customization

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

On 2019-05-21 10:45 a.m., Domingos Varela wrote:

I used this path in the url /usr/local/pf/html/common/mylogo.png


Replace by /common/mylogo.png
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] captive portal customization

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 2019-05-20 4:11 p.m., Domingos Varela via PacketFence-users wrote:

Hi,

Can someone help me customize the captive portal logo and the background 
color, I tried via webpage to change the url of the logo, but it does 
not work, is there another way to add the logo on the portal?

Thanks


### Logo

1. Upload your logo in /usr/local/pf/html/common
2. Use this logo in your connection profile (through Captive Portal tab)

### Background color

On your connection profile, edit layout.html file and change 
background-color.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unable to manually apply a custom violation (security event) to a node

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Andrew,

On 2019-05-20 5:03 p.m., Torry, Andrew via PacketFence-users wrote:

This does not work in 9.0 as the onloy SE’s that show up in the list
of options are the built-in ones.


You're right, thanks. I report the issue here: 
https://github.com/inverse-inc/packetfence/issues/4550


As a workaround, you can switch to old admin by using button located in 
the upper right-hand area.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] captive portal customization

[Domingos Varela via PacketFence-users]

Hi,

Can someone help me customize the captive portal logo and the background
color, I tried via webpage to change the url of the logo, but it does not
work, is there another way to add the logo on the portal?
Thanks

BR

Cumprimentos,

*Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Unable to manually apply a custom violation (security event) to a node

[Torry, Andrew via PacketFence-users]

Hi folks,

I have been playing with 9.0 and migrating our existing configs to it prior to 
deployment and noticed a few things.

We have a violation (SE) that our Accommodation services department uses to 
throw non-paying students off of
the RESNET network and up until now they simply highlight the user and apply 
the violation.
This does not work in 9.0 as the onloy SE’s that show up in the list of options 
are the built-in ones.

I have change the IDs to match the new ‘custom range’ of 140-149 so it 
aint that.

Extract from security_events.conf:-

[140]
priority=3
actions=email_admin,reevaluate_access
desc=Overdue Hall Fees
enabled=Y
template=nonpayment
window=dynamic
max_enable=24
grace=30m
target_category=registration
vlan=registration
redirect_url=/common/NonPayment.html
auto_enable=N
trigger=
access_duration=12h

Any ideas.

Andrew Torry




Andrew Torry

Senior Infrastructure Engineer



Tel: 01326 370760

Email: andrew.to...@fxplus.ac.uk




[cid:image5978e2.PNG@e6e271c9.41855cf4]
[Falmouth Exeter Plus]  
[cid:image48bfc7.PNG@eb5e4d34.49b88626]


[Twitter]   [Facebook] 
[Instagram] 
 [YouTube] 


[cid:image35e509.PNG@39e16ec4.4ba0e861]


[Falmouth University]

Falmouth Exeter Plus is an exempt charity established by Falmouth University 
and the University of Exeter to deliver their shared Higher Education services 
in Cornwall.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal Not Working

[Ibrahim Lubis via PacketFence-users]

Hi Nico,

1. I get dhcp address, I see a Mac in nodes
2.  From what source ? If I ping from reg vlan I got reply, which is the
int reg gateway.

Btw I got errror from haproxy_portal.log nosrv, and there's error no
backend server

Thx


On Mon, May 20, 2019, 6:28 PM Nicolas Quiniou-Briand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Ibrahim,
>
> 1. Did you get IP address in 10.10.26.0/24 network when your devices are
> unregistered ?
>
> 2. If yes, are you able to reach captive portal from this subnet
> (http://pf01.trumpet.org) ?
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Per AP VLAN assignment

[Domingos Varela via PacketFence-users]

Hi,

I think you have the solution here.

https://packetfence.org/support/faq/custom-vlan-assignment-behavior.html

Thanks

Cumprimentos,

*Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola


Nicolas Quiniou-Briand via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu no dia segunda,
20/05/2019 à(s) 12:32:

> On 2019-05-20 1:29 p.m., Enrico Pasqualotto wrote:
> > Thanks, I'll try it.
> > any chance to manage it through the admin GUI? I'm sure customer ask me
> > that :-)
>
> Already the case ! Go in Configuration -> Advanced Access Configuration
> -> Filter engines
>
> I will add more details in docs.
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users