Re: [PacketFence-users] Radius Integrations with Packetfence

2019-07-04 Thread Durand fabrice via PacketFence-users 

Hello Alina,


what are you trying to achieve exactly ?

We can do a full of stuff with PacketFence but i need more information 
to reply correctly.



Regards

Fabrice


Le 19-07-04 à 01 h 50, Alina Haider via PacketFence-users a écrit :

Hi,
Thanks  for your reply. Please can you tell me that how we can connect 
switch with Third party radius server?.
Secondly what is Radius Proxy?Is Radius Proxy is a method to integrate 
Third party Radius server with PacketFence?.


Regards,
Alina Haider

*From:* Durand fabrice via PacketFence-users 


*Sent:* Thursday, July 4, 2019 5:56 AM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Durand fabrice
*Subject:* Re: [PacketFence-users] Radius Integrations with Packetfence

Hello Alina,

there is no need to change anything in this section to make radius 
working.


The only thing you need to have is the switch configuration and the 
radius shared secret defined.



With that you will be able to send radius access request to 
packetfence from the AP/Controller/Switch.



Regards

Fabrice


Le 19-06-26 à 07 h 39, Alina Haider via PacketFence-users a écrit :

Hey,
I am new to Packetfence and till now I configured the packetfenc on 
my machine.Now I want to integrate FreeRadius server with packetfence 
server and I installed the packetfence with radius enforcement.I am 
attaching the image of radius configuration page can you please tell 
me from where I will get the data to fill those fields present on 
image. Thanks in advance.


Regards,
Alina Haider


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net  

https://lists.sourceforge.net/lists/listinfo/packetfence-users



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Manual device registration to allow it to the network

2019-07-04 Thread Durand fabrice via PacketFence-users 


Le 19-07-04 à 03 h 05, E.P. a écrit :


Hi Fabrice,

I’ll definitely try this method. For now I want to understand the 
logic of an endpoint authentication and authorization via RADIUS/801.x 
as there’s something that works different from how I expected (or 
rather doesn’t work)


Here’s a story. A user successfully authenticates against AD and I see 
this event in radius.log


Jul  4 06:34:25 PacketFence-ZEN auth[11338]: [mac:c4:9d:ed:8c:11:03] 
Accepted user: OPTIONS\it.tech and returned VLAN 2


Jul  4 06:34:25 PacketFence-ZEN auth[11338]: (177) Login OK: 
[OPTIONS\it.tech] (from client 172.19.254.2 port 0 cli c4:9d:ed:8


c:11:03)


Yes ntlm_auth worked and packetfence return the vlan 2.


This VLAN 2 is set in registration under Roles in the switch. Ok, may 
be this is how it supposed to work before the endpoint is registered 
as opposed to the VLAN 10 which should be assigned upon device 
registration.


But can anyone explain me why the endpoint receives an IP address from 
the local DHCP server. This DHCP server listens on the sub-interface 
for this VLAN 10.


It looks that your ssid/port is mapped to the vlan 10 and there is no 
dynamic vlan assignment or maybe the vlan 2 is not defined (check the 
AP/controller/switch config).


What equipment are you using ?

So what I see is that an endpoint receives an IP address but it can’t 
reach an IP address of its default gateway.




Ok once again, I don’t have any problem to manually register this 
endpoint and assign a specific role.


Having it done the endpoint gets online only after I reconnect it on 
the endpoint itself or via the wireless controller.




This behavior is observed on Windows 10 and it took quite a long time 
(about a minute) to authenticate and get an IP address without getting 
online.


But it doesn’t work at all for Mac OS and mobile devices (Apple iPads 
and Android tabs), namely, same registration VLAN 2 is assigned as per 
radius.log but an endpoint can’t receive an IP address via DHCP.


If it is OS specific behavior and I can’t do anything about it then 
it’s OK again but I want to make it work smooth and fast.


The target role for all endpoints that should be allowed to connect 
via this specific SSID is Staff and I’m assigning this role in the 
authentication rule for a specific authentication source.


The result of the test authentication for a user confirm it:

./pftest authentication it.tech 

Authenticating against 'OPTIONS-AD-SOURCE' in context 'admin'

Authentication SUCCEEDED against OPTIONS-AD-SOURCE (Authentication 
successful.)


  Matched against OPTIONS-AD-SOURCE for 'authentication' rules

set_unreg_date : 2019-12-31 11:53:24

    set_role : Staff

What’s the point of assigning this role by a rule if in reality an 
endpoint doesn’t get assigned the required VLAN ID upon successful 
authentication against a specific SSID ?


Should I forget about VLAN 10 that is assigned to Staff role and only 
assign VLAN 10 to registration ?


Ok so for 802.1x you need to choose between having the captive portal to 
register or auto register the device and assign the role based on the rule.


So let's says your ssid name is BOB , then create a connection profile 
with inside a filter SSID = BOB and add the OPTIONS-AD-SOURCE and check 
autoregister device.


In this case any device that successfully authenticate with 802.1x  will 
be autoreg and the role will be computed by the source  OPTIONS-AD-SOURCE.


Now let's take the case that you want to see the portal to register, you 
just have to uncheck the option autoreg devces.



Now regarding the registration vlan, this vlan is managed by packetfence 
(pf is the dhcp/dns/default GW) and packetfence needs to have a 
interface in this vlan and this vlan needs to be spanned on the network.


So when packetfence reply with the vlan 2 then the device will do a dhcp 
discover and it will be the packetfence's dhcp server that will reply 
(it's not managed by your dhcp/dns/...).




Eugene

*From:*Durand fabrice via PacketFence-users 


*Sent:* Wednesday, July 03, 2019 5:52 PM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Durand fabrice 
*Subject:* Re: [PacketFence-users] Manual device registration to allow 
it to the network


Hello Eugene,

it's something really easy to do.

First in the switch config assign -1 to the registration role (it will 
reject the device that is not reg) and assign the correct vlan id for 
the other roles.


Next create a connection profile with a filter that match the ssid and 
don't assign any sources.


And at the end register the device you want and assign a role manually.

That's it.

Regards

Fabrice

Le 19-07-03 à 14 h 44, E.P. via PacketFence-users a écrit :

Now I’m getting confused after trying to understand RADIUS
enforcement.

Reading the document that says:

Using RADIUS enforcement, everytime a device connects to the
network, a matching production VLAN will be assigned, depending on
the rules in

Re: [PacketFence-users] Portal Err_Connection_Closed

2019-07-04 Thread Durand fabrice via PacketFence-users 

Hello Domingos,

for me it looks to be an issue with the acl you defined in the WLC.

Regards

Fabrice


Le 19-07-04 à 11 h 56, Domingos Varela via PacketFence-users a écrit :

Hi,

I installed the new version PacketFence 9.0.1 and I am having 
difficulties because the portal did not open, I am having errors;


https:///Cisco::WLC/sid396172?

net :: ERR_CONNECTION_CLOSED

I am using Cisco wlc 5508 version 8.0.152.0
Has anyone ever had this problem?

Thanks
BR

Cumprimentos,*

Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Portal Err_Connection_Closed

2019-07-04 Thread Domingos Varela via PacketFence-users 
Hi,

I installed the new version PacketFence 9.0.1 and I am having difficulties
because the portal did not open, I am having errors;

https:///Cisco::WLC/sid396172?

net :: ERR_CONNECTION_CLOSED

I am using Cisco wlc 5508 version 8.0.152.0
Has anyone ever had this problem?

Thanks
BR

Cumprimentos,

*Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] dhcp configuration example for PF - webauth captive portal

2019-07-04 Thread Casagrande Roberto, SEDE CENTRALE - GUBBIO, Colacem S.p.A. via PacketFence-users 
Hello All,
I need a example how to configure in PF the dhcpserver.
My PF used for authenticated access to internet:
-  Only one interface is confivured without interface vlan
-  If i use an external dhcp we don't have a problem (but I want 
delete windows dhcp server)

I saw and try this guide:
https://packetfence.org/doc/PacketFence_Administration_Guide#_production_dhcp_access
start capitol 13.9. Production DHCP access

the serverPF would be handle some networks (vlan) with dhcpserver:
-  Registration (vlan before authentication)
-  Guest (vlan after authentication and who can go to the internet)
-  Vip,internal,VOiP,staff... ( others vlan that not required PF 
feature, so serverPF must delivery the ip address, sunbnet,gw dns , to the 
client)

Thanks a lot for support
Roberto






Roberto Casagrande
Network Manager
Direzione Sistemi Informativi e Telematici
[cid:image009.png@01D2A950.D6A8F300]
Via della Vittorina, 60
06024 Gubbio (PG)


www.colacem.it

Rispetta l'ambiente: non stampare questa mail se non è strettamente necessario.


=
Le informazioni contenute in questa comunicazione e gli eventuali documenti 
allegati hanno carattere confidenziale e sono a uso esclusivo del destinatario. 
Nel caso questa comunicazione Vi sia pervenuta per errore, Vi informiamo che la 
sua diffusione e riproduzione è contraria alla legge e preghiamo di darci 
prontamente avviso e di cancellare quanto ricevuto.
Grazie. 
This e-mail message and any files transmitted with it contain confidential 
information intended only for the person(s) to whom it is addressed. If you are 
not the intended recipient, you are hereby notified that any use or 
distribution of this e-mail is strictly prohibited: please notify the sender 
and delete the original message.
Thank you.
==___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SNMP switch info not populating Location

2019-07-04 Thread Mike McGeer via PacketFence-users 
Interesting if I switch to old Admin I see my switches.

Michael JA McGeer
Operation and Systems Manager
Afrisam (South Africa)(Pty) Ltd
Phone 011 670 5734
Fax 011 670 5234
Cell 0837019991

To view AfriSam's legal disclaimer, please go to 
http://www.afrisam.co.za/legal/terms-of-use



-Mike McGeer/SSC/ZAF/AfriSam wrote: -
To: packetfence-users@lists.sourceforge.net
From: Mike McGeer/SSC/ZAF/AfriSam
Date: 04/07/2019 9:31
Cc: "Durand fabrice" 
Subject: Re: [PacketFence-users] SNMP switch info not populating Location

Hi Fabrice,

Thanks I ran the pf-maint.pl answered yes to all, and all my switch configs 
disappeared.

Regards

Michael JA McGeer
Operation and Systems Manager
Afrisam (South Africa)(Pty) Ltd
Phone 011 670 5734
Fax 011 670 5234
Cell 0837019991

To view AfriSam's legal disclaimer, please go to 
http://www.afrisam.co.za/legal/terms-of-use



-"Durand fabrice via PacketFence-users" 
 wrote: -
To: packetfence-users@lists.sourceforge.net
From: "Durand fabrice via PacketFence-users" 

Date: 04/07/2019 2:39
Cc: "Durand fabrice" 
Subject: Re: [PacketFence-users] SNMP switch info not populating Location

   Hello Mike,
 you need to run pf-maint.pl , it's a bug that has been fixed.
 Regards
 Fabrice
 
 
 
Le 19-07-03 à 07 h 02, Mike McGeer via   PacketFence-users a écrit :
 
Hi all. 


All I wan't it to use VLAN enforcement without Radius for now.  
   


I am struggling with the following, SNMP traps are populating the 
SNMP logs. 
I can manually change the switch port to registration and it is 
receiving a DHCP ip. 
However I cannot change the Node as the location information from 
the switch is not being populated. 


>From the packet logs I see a lot of "Can't locate object method 
>"new" via package "pf::task::pfsnmp_parsing" 


How do I fix the or is this normal. 




extract from snmpdtrap logs 


   2019-07-03|10:57:37|UDP: 
[172.14.0.52]:161->[172.14.7.100]:162|172.14.0.52|BEGIN TYPE 3 END  
   TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.2.1.2.2.1.1.100 = INTEGER: 
100|.1.3.6.1.2.1.2.2.1.7.100 = INTEGER: 
up(1)|.1.3.6.1.2.1.2.2.1.8.100 = INTEGER: 
up(1)|.1.3.6.1.2.1.2.2.1.2.100 = STRING: 
E4|.1.3.6.1.2.1.31.1.1.1.18.100 = STRING:  END VARIABLEBINDINGS
perl callback function 0x7f838b208d98 returns 1
   2019-07-03|10:57:38|UDP: 
[172.14.0.52]:161->[172.14.7.100]:162|172.14.0.52|BEGIN TYPE 2 END  
   TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.2.1.2.2.1.1.100 = INTEGER: 
100|.1.3.6.1.2.1.2.2.1.7.100 = INTEGER: 
down(2)|.1.3.6.1.2.1.2.2.1.8.100 = INTEGER: 
down(2)|.1.3.6.1.2.1.2.2.1.2.100 = STRING: 
E4|.1.3.6.1.2.1.31.1.1.1.18.100 = STRING:  END VARIABLEBINDINGS
perl callback function 0x7f838b208d98 returns 1
   
   
extract from packetfence   logs
   
 
   Jul  3 12:59:59 PacketFence pfdhcp[24820]:   
  t=2019-07-03T12:59:59+0200 lvl=info msg="DHCPREQUEST for 
10.0.100.135 from d8:cb:8a:20:b7:e3 (GTN-SS-W679)" pid=24820 
mac=d8:cb:8a:20:b7:e3
   Jul  3 12:59:59 PacketFence pfdhcp[24820]:   
  t=2019-07-03T12:59:59+0200 lvl=info msg="DHCPACK on 
10.0.100.135 to d8:cb:8a:20:b7:e3 (GTN-SS-W679)" pid=24820 
mac=d8:cb:8a:20:b7:e3
   Jul  3 13:00:01 PacketFence pfqueue: pfqueue(3317) 
ERROR: [mac:unknown] Can't locate object method "new" via   
  package "pf::task::pfsnmp_parsing" at 
/usr/local/pf/lib/pf/pfqueue/consumer/redis.pm line 133.
  
(pf::pfqueue::consumer::redis::process_next_job)
  




   

  


Michael JA McGeer 
Operation and Systems Manager 
Afrisam (South Africa)(Pty) Ltd 
Phone 011 670 5734 
Fax 011 670 5234 
Cell 0837019991 


To view AfriSam's legal disclaimer, please go to 
http://www.afrisam.co.za/legal/terms-of-use

Re: [PacketFence-users] Manual device registration to allow it to the network

2019-07-04 Thread E.P. via PacketFence-users 
Hi Fabrice,

I’ll definitely try this method. For now I want to understand the logic of an 
endpoint authentication and authorization via RADIUS/801.x as there’s something 
that works different from how I expected (or rather doesn’t work)

Here’s a story. A user successfully authenticates against AD and I see this 
event in radius.log

 

Jul  4 06:34:25 PacketFence-ZEN auth[11338]: [mac:c4:9d:ed:8c:11:03] Accepted 
user: OPTIONS\it.tech and returned VLAN 2

Jul  4 06:34:25 PacketFence-ZEN auth[11338]: (177) Login OK: [OPTIONS\it.tech] 
(from client 172.19.254.2 port 0 cli c4:9d:ed:8

c:11:03)

 

This VLAN 2 is set in registration under Roles in the switch. Ok, may be this 
is how it supposed to work before the endpoint is registered as opposed to the 
VLAN 10 which should be assigned upon device registration.

But can anyone explain me why the endpoint receives an IP address from the 
local DHCP server. This DHCP server listens on the sub-interface for this VLAN 
10. 

So what I see is that an endpoint receives an IP address but it can’t reach an 
IP address of its default gateway.

Ok once again, I don’t have any problem to manually register this endpoint and 
assign a specific role.

Having it done the endpoint gets online only after I reconnect it on the 
endpoint itself or via the wireless controller.

 

This behavior is observed on Windows 10 and it took quite a long time (about a 
minute) to authenticate and get an IP address without getting online.

But it doesn’t work at all for Mac OS and mobile devices (Apple iPads and 
Android tabs), namely, same registration VLAN 2 is assigned as per radius.log 
but an endpoint can’t receive an IP address via DHCP.

 

If it is OS specific behavior and I can’t do anything about it then it’s OK 
again but I want to make it work smooth and fast.

The target role for all endpoints that should be allowed to connect via this 
specific SSID is Staff and I’m assigning this role in the authentication rule 
for a specific authentication source.

The result of the test authentication for a user confirm it:

 

./pftest authentication it.tech 

 

Authenticating against 'OPTIONS-AD-SOURCE' in context 'admin'

  Authentication SUCCEEDED against OPTIONS-AD-SOURCE (Authentication 
successful.)

  Matched against OPTIONS-AD-SOURCE for 'authentication' rules

set_unreg_date : 2019-12-31 11:53:24

set_role : Staff

 

What’s the point of assigning this role by a rule if in reality an endpoint 
doesn’t get assigned the required VLAN ID upon successful authentication 
against a specific SSID ?

Should I forget about VLAN 10 that is assigned to Staff role and only assign 
VLAN 10 to registration ?

 

Eugene

 

From: Durand fabrice via PacketFence-users 
 
Sent: Wednesday, July 03, 2019 5:52 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice 
Subject: Re: [PacketFence-users] Manual device registration to allow it to the 
network

 

Hello Eugene,

it's something really easy to do.

First in the switch config assign -1 to the registration role (it will reject 
the device that is not reg) and assign the correct vlan id for the other roles.

Next create a connection profile with a filter that match the ssid and don't 
assign any sources.

And at the end register the device you want and assign a role manually.

That's it.

Regards

Fabrice

 

Le 19-07-03 à 14 h 44, E.P. via PacketFence-users a écrit :

Now I’m getting confused after trying to understand RADIUS enforcement.

Reading the document that says:

 

Using RADIUS enforcement, everytime a device connects to the network, a 
matching production VLAN will be assigned, depending on the rules in 
Configuration→Policies and Access Control→Authentication Sources

 

The only place (or rather configuration component) to assign VLAN is in Roles 
under the switch (or switch group) where I add VLAN ID in “Role mapping by VLAN 
ID”. Am I correct ?

 

So, for example, I have Staff role with VLAN 10 added to it in the switch 
group. 

Then upon a user successful authentication and a condition matching in the 
authentication rule the action is assigned, namely unregistration date and role 
assignment. 

 

It all works and the endpoint gets connected but its status shows as 
unregistered and role unassigned under Nodes section in PacketFence Web UI. But 
as it seems to me an endpoint gets connected because VLAN ID assignment is 
pushed from the Wireless system controller for a specific SSID. If I remove it 
and assign this duty to RADIUS then it doesn’t work.

An endpoint can’t connect because it doesn’t receive an IP address because the 
AP doesn’t put it to the required VLAN

 

Eugene

 

From: E.P.    
Sent: Wednesday, July 03, 2019 10:11 AM
To: packetfence-users@lists.sourceforge.net 
 
Cc: 'Nicolas Quiniou-Briand'   
Subject: RE: [PacketFence-users] Manual device registration to allow it to the 
network

Re: [PacketFence-users] SNMP switch info not populating Location

2019-07-04 Thread Mike McGeer via PacketFence-users 
Hi Fabrice,

Thanks I ran the pf-maint.pl answered yes to all, and all my switch configs 
disappeared.

Regards

Michael JA McGeer
Operation and Systems Manager
Afrisam (South Africa)(Pty) Ltd
Phone 011 670 5734
Fax 011 670 5234
Cell 0837019991

To view AfriSam's legal disclaimer, please go to 
http://www.afrisam.co.za/legal/terms-of-use



-"Durand fabrice via PacketFence-users" 
 wrote: -
To: packetfence-users@lists.sourceforge.net
From: "Durand fabrice via PacketFence-users" 

Date: 04/07/2019 2:39
Cc: "Durand fabrice" 
Subject: Re: [PacketFence-users] SNMP switch info not populating Location

   Hello Mike,
 you need to run pf-maint.pl , it's a bug that has been fixed.
 Regards
 Fabrice
 
 
 
Le 19-07-03 à 07 h 02, Mike McGeer via   PacketFence-users a écrit :
 
Hi all. 


All I wan't it to use VLAN enforcement without Radius for now.  
   


I am struggling with the following, SNMP traps are populating the 
SNMP logs. 
I can manually change the switch port to registration and it is 
receiving a DHCP ip. 
However I cannot change the Node as the location information from 
the switch is not being populated. 


>From the packet logs I see a lot of "Can't locate object method 
>"new" via package "pf::task::pfsnmp_parsing" 


How do I fix the or is this normal. 




extract from snmpdtrap logs 


   2019-07-03|10:57:37|UDP: 
[172.14.0.52]:161->[172.14.7.100]:162|172.14.0.52|BEGIN TYPE 3 END  
   TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.2.1.2.2.1.1.100 = INTEGER: 
100|.1.3.6.1.2.1.2.2.1.7.100 = INTEGER: 
up(1)|.1.3.6.1.2.1.2.2.1.8.100 = INTEGER: 
up(1)|.1.3.6.1.2.1.2.2.1.2.100 = STRING: 
E4|.1.3.6.1.2.1.31.1.1.1.18.100 = STRING:  END VARIABLEBINDINGS
perl callback function 0x7f838b208d98 returns 1
   2019-07-03|10:57:38|UDP: 
[172.14.0.52]:161->[172.14.7.100]:162|172.14.0.52|BEGIN TYPE 2 END  
   TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.2.1.2.2.1.1.100 = INTEGER: 
100|.1.3.6.1.2.1.2.2.1.7.100 = INTEGER: 
down(2)|.1.3.6.1.2.1.2.2.1.8.100 = INTEGER: 
down(2)|.1.3.6.1.2.1.2.2.1.2.100 = STRING: 
E4|.1.3.6.1.2.1.31.1.1.1.18.100 = STRING:  END VARIABLEBINDINGS
perl callback function 0x7f838b208d98 returns 1
   
   
extract from packetfence   logs
   
 
   Jul  3 12:59:59 PacketFence pfdhcp[24820]:   
  t=2019-07-03T12:59:59+0200 lvl=info msg="DHCPREQUEST for 
10.0.100.135 from d8:cb:8a:20:b7:e3 (GTN-SS-W679)" pid=24820 
mac=d8:cb:8a:20:b7:e3
   Jul  3 12:59:59 PacketFence pfdhcp[24820]:   
  t=2019-07-03T12:59:59+0200 lvl=info msg="DHCPACK on 
10.0.100.135 to d8:cb:8a:20:b7:e3 (GTN-SS-W679)" pid=24820 
mac=d8:cb:8a:20:b7:e3
   Jul  3 13:00:01 PacketFence pfqueue: pfqueue(3317) 
ERROR: [mac:unknown] Can't locate object method "new" via   
  package "pf::task::pfsnmp_parsing" at 
/usr/local/pf/lib/pf/pfqueue/consumer/redis.pm line 133.
  
(pf::pfqueue::consumer::redis::process_next_job)
  




   

  


Michael JA McGeer 
Operation and Systems Manager 
Afrisam (South Africa)(Pty) Ltd 
Phone 011 670 5734 
Fax 011 670 5234 
Cell 0837019991 


To view AfriSam's legal disclaimer, please go to 
http://www.afrisam.co.za/legal/terms-of-use 


   
Disclaimer 
The information contained in this communication from the sender 
is confidential. It is intended solely for use by the recipient 
and others authorized to receive it. If you are not the recipient, you 
are hereby notified that any disclosure, copying, distribution or 
taking action in relation of the contents of this information is 
strictly prohibited and may be unlawful. 
 
 This email has been scanned for viruses and malware,

Re: [PacketFence-users] Packetfence ZEN bridge problem

2019-07-04 Thread Mike McGeer via PacketFence-users 
I installed on VMWare, what version are you using ie Workstation. Vince etc

On Thu, 04 Jul 2019 at 07:38, Chadwick Boseman via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi,
> so I've deployed my Packetfence ZEN on VMware, i've followed the
> documentation :
>
>
> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_going_through_the_configurator
>
> and I've reach the testing part 5.7. Testing
> 
> If I'm correct,
> 1) by default ZEN is configured to use NAT on VM (The first time I open
> the .ova, the network configuration was set to NAT),
> 2) by default the IP address of the eth0 interface is set to a static
> address
>
> When I try to connect a client (a Windows 10 laptop) to my 2960 switch,
> the authentication prompt popped up, I entered both valid and invalid
> credentials, but the authentication failed,
>
> the documentation said :
> *"To see what’s going on from PacketFence, click on the Auditing tab from
> PacketFence’s admin interface. You should see an entry for the MAC address
> of your Microsoft Windows 7 endpoint" *
>
> but when I checked, there was nothing there..
> My understanding is the switch has no way to communicate with the pf
> server in the VM since it is using NAT..
>
> When I tried to change it to bridged connection to make the PF bridge my
> PC's ethernet connection, the IP address of the PF eth0 didn't change, so I
> change it to a valid IP address from my LAN segment, and I cannot access
> the configurator, or the admin page..
>
> Can anyone help me please..? maybe I missed something or there is
> additional configuration I need for it to work?
>
> Thanks in advance
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence ZEN bridge problem

2019-07-04 Thread Mike McGeer via PacketFence-users 
Sorry Question VBox

On Thu, 04 Jul 2019 at 08:18, Mike McGeer  wrote:

> I installed on VMWare, what version are you using ie Workstation. Vince etc
>
> On Thu, 04 Jul 2019 at 07:38, Chadwick Boseman via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hi,
>> so I've deployed my Packetfence ZEN on VMware, i've followed the
>> documentation :
>>
>>
>> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_going_through_the_configurator
>>
>> and I've reach the testing part 5.7. Testing
>> 
>> If I'm correct,
>> 1) by default ZEN is configured to use NAT on VM (The first time I open
>> the .ova, the network configuration was set to NAT),
>> 2) by default the IP address of the eth0 interface is set to a static
>> address
>>
>> When I try to connect a client (a Windows 10 laptop) to my 2960 switch,
>> the authentication prompt popped up, I entered both valid and invalid
>> credentials, but the authentication failed,
>>
>> the documentation said :
>> *"To see what’s going on from PacketFence, click on the Auditing tab from
>> PacketFence’s admin interface. You should see an entry for the MAC address
>> of your Microsoft Windows 7 endpoint" *
>>
>> but when I checked, there was nothing there..
>> My understanding is the switch has no way to communicate with the pf
>> server in the VM since it is using NAT..
>>
>> When I tried to change it to bridged connection to make the PF bridge my
>> PC's ethernet connection, the IP address of the PF eth0 didn't change, so I
>> change it to a valid IP address from my LAN segment, and I cannot access
>> the configurator, or the admin page..
>>
>> Can anyone help me please..? maybe I missed something or there is
>> additional configuration I need for it to work?
>>
>> Thanks in advance
>>
>>
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Radius Integrations with Packetfence

2019-07-04 Thread Alina Haider via PacketFence-users 
Hi,
Thanks  for your reply. Please can you tell me that how we can connect switch 
with Third party radius server?.
Secondly what is Radius Proxy?Is Radius Proxy is a method to integrate Third 
party Radius server with PacketFence?.

Regards,
Alina Haider

From: Durand fabrice via PacketFence-users 

Sent: Thursday, July 4, 2019 5:56 AM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] Radius Integrations with Packetfence


Hello Alina,

there is no need to change anything in this section to make radius working.

The only thing you need to have is the switch configuration and the radius 
shared secret defined.


With that you will be able to send radius access request to packetfence from 
the AP/Controller/Switch.


Regards

Fabrice


Le 19-06-26 à 07 h 39, Alina Haider via PacketFence-users a écrit :
Hey,
I am new to Packetfence and till now I configured the packetfenc on my 
machine.Now I want to integrate FreeRadius server with packetfence server and I 
installed the packetfence with radius enforcement.I am attaching the image of 
radius configuration page can you please tell me from where I will get the data 
to fill those fields present on image. Thanks in advance.

Regards,
Alina Haider




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users