Re: [PacketFence-users] PF 9.0.1 - Captive portal Redirection delay ERROR pfperl-api(1886)

2019-08-06 Thread Fabrice Durand via PacketFence-users 

Hello Roger,

try that:

/usr/local/pf/bin/pfcmd configreload hard

and retry

Regards

Fabrice


Le 19-08-01 à 08 h 41, Roger Faria via PacketFence-users a écrit :

Hi Everyone,

Seems like every time I change the redirection delay to anything other 
the its default "20s" the captive portal page crashes and it doesn't 
display the settings. I can see them on the and the logs display the 
following error listed below. has anyone experienced a similar problem?


ERROR pfperl-api(1886): Can't use string ("20s") as a HASH ref while 
"strict refs" in use at 
/usr/local/pf/lib/pf/UnifiedApi/Controller/Config.pm line 787. 
(Mojolicious::Plugin::DefaultHelpers::_development)


*Rogerio Faria*
Network Administrator
*IT**S**Information Technology**Services*
Bergen Community College
400 Paramus Rd, Paramus NJ 07652

rfa...@bergen.edu 
O:(201) 612-5367 


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] WMI Scan with One Host Only

2019-08-06 Thread Fabrice Durand via PacketFence-users 

You don't have enough memory on your server.


Le 19-08-01 à 09 h 17, Zairy Fajar via PacketFence-users a écrit :
Yes I have it, if I use the account to do a remote wmi on Windows pc, 
it works..but packetfence cannot trigger any scan on Captive Portal .. 
also when I do wmic manually from the Packetfence server, it shows 
"Memory allocation error"..


On Thu, Aug 1, 2019, 8:09 PM Fabrice Durand via PacketFence-users 
> wrote:


Hello Zairy,

you need to have an account that able to connect to wmi on the
remote laptop, so it's probably a local account.

Regards

Fabrice


Le 19-07-31 à 23 h 24, Zairy Fajar via PacketFence-users a écrit :

Ok i understand, but how do I configure WMI scan engine to scan
only one host which is not in the AD domain? ( It's only in the
default WORKGROUP)
I can't get the scan to work, the packetfence.log doesn't show
anything about scan

On Thu, Jul 18, 2019, 7:58 PM Fabrice Durand via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:

It depend how you configure your violation.


Le 19-07-18 à 05 h 33, Chadwick Boseman via PacketFence-users
a écrit :

Hi Fabrice,
Thanks a lot for ur answer, really helpful!

One more thing I wanna ask is, if I do as you said

/"You need to create a wmi scan engine and add it in the
connection profile."/

When the client device triggers a violation, will it be
automatically moved to the isolation VLAN



On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:

Hello Chadwick,

Le 19-07-16 à 04 h 59, Chadwick Boseman via
PacketFence-users a écrit :

Hi All,
So I have a PF Zen up and running,

I have some questions regarding my understanding of
VLAN membership in PF:
1. When a new device (never connect / never register
before) is connected to the switch, it will be put into
the registration VLAN. And after they register their
device from the captive portal it will be moved to
guest VLAN automatically. Is this correct?? if not,
please explain to me


In fact the vlan you want.

2.  after the device's MAC is registered in the PF
server, does the user have to manually enable the
802.1x auth from their ethernet adapter? or can PF
actually automatically change the VLAN to
default/normal VLAN and activate the 802.1x auth?


The supplicant needs to be configured if you wants to do
802.1x, you can do it by GPO if you have a domain.

Also you can do provisioning with packetfence but only
for wireless right now.



i followed the pf installation guide , the captive
portal is configured to the bare minimum where the user
just need to agree to some policy, and the device then
registered. My VLANs are as follow :
Guest    :  VLAN 640
Registration :  VLAN 640
Normal/default : VLAN 625
Isolation    : VLAN 641

The guest and registration VLANs are the same because
the installation guide said
/"in Role by VLAN ID, set the registration and guest
VLAN ID to 20 - this will ensure unregistered clients
are initially put in VLAN 20 and avoid a VLAN change
once they properly authenticate from the captive portal"/

/It's for web authentication, not for vlan enforcement,
so the registration vlan needs to be different than the
guest vlan./


I want something more to do on the captive portal, so I
configured a WMI scan so when a client register their
device on the captive portal, WMI checks whether they
have an Antivirus installed or not..
I want that if the device doesn't have an AV installed,
it is moved to the isolation VLAN (That's the correct
behavior right?) so how do I achieve this?


You need to create a wmi scan engine and add it in the
connection profile.

Regards

Fabrice




Thanks a lot guys..I'll really appreciate any
explanation/answer


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net  

https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand

fdur...@inverse.ca    ::

Re: [PacketFence-users] PacketFence and Wireless Integration

2019-08-06 Thread Fabrice Durand via PacketFence-users 

Bonjour Julien,

si l'ap est managé par le contrôleur alors vous n'avez pas trop le choix 
d'utiliser celui-ci pour configurer votre AP.


Il me semble que vous pouvez définir localement le serveur radius a 
utiliser et mettre l'ap en mode flex-connect.


Cordialement

Fabrice


Le 19-08-01 à 11 h 04, MACONE Julien via PacketFence-users a écrit :


Bonjour Fabrice,

Merci de votre réponse.

Pour vous éclairer :

Nous avons des bornes Wi-fi Cisco, nous ne gérons pas du tout le 
contrôleur Wi-fi, celui-ci est sous la direction de la maison mère, 
néanmoins, les bornes se connectent à celui-ci pour récupérer la 
configuration initiale. Pour se connecter au contrôleur, elle passe 
donc par le réseau d’entreprise. Egalement, PacketFence, le Vlan 
Registration n’est pas dans le réseau d’entreprise (Sinon aucun 
intérêt de créer un NAC).


Partons donc de cette configuration :

Vlan entreprise = Vlan 1

Vlan Registration = Vlan 10 àCaptive Portal

  * Si ma borne est sur un port configurer en Vlan 1, alors les
utilisateurs ne passeront pas par PacketFence.
  * Si ma borne est sur un port configurer en Vlan 10, alors elle ne
pourra pas trouver le contrôleur et donc les utilisateurs n’auront
aucunement la possibilité de s’authentifier.

Je voulais donc savoir, étant nouveau sur PacketFence, est-il possible 
de mettre en place une exception pour la borne Wi-fi ?? La laisser 
dans le Vlan 1 mais toutes les connections qui s’y feront seront sur 
le Vlan 10 ? Ou une autre solution, une autre technique je ne sais 
pas.. :/


Cordialement, Julien.

*De :*Fabrice Durand via PacketFence-users 


*Envoyé :* jeudi 1 août 2019 15:43
*À :* packetfence-users@lists.sourceforge.net
*Cc :* Fabrice Durand 
*Objet :* Re: [PacketFence-users] PacketFence and Wireless Integration

Hello Julien,

not sure to understand your issue, you say that it's a standalone AP 
but connected to a controller.


If there is a controller then you probably need to configure the AP on 
the controller.


Vous pouvez continuer en français si vous voulez.

Regards

Fabrice

Le 19-08-01 à 08 h 41, MACONE Julien via PacketFence-users a écrit :

Hello there,

I’m a new PacketFence’s user and I’ve to ask you some questions
about Wireless configuration.

Forgive my english please..

So I’ve 4 Aruba 2540 Switchs, on those ones, I’ve a PacketFence
server connected to them and the authentication Radius is working
well in wired connection.

It means all ports are configured to be in the registered Vlan.

So actually, when someone is pluged, the captive portal woke up
and the credentials are asked. No probs !

But… i’ve 2 Cisco AiroNet 2802 series (Wireless hotspot) without
controller… The hotspot have to initiate connection with
controller (Location : Paris – Don’t have any hands on it) before
starting.

It means that I can’t put them to the registered Vlan because this
Vlan doesn’t have access to anything (except the PF server /
Captive Portal) and so the hotspot can’t start.

With this.. How is it possible to give access (Registered Vlan
should be good) to my wireless users thanks to the hotspot ?

How my ports have to be configured to enable the registered vlan
to pass through the hotspot and make my wireless users able to
authenticate to the captive portal ?

Huge thanks to future answers.

Nice Day,

Ju.




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net  


https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca    ::  +1.514.447.4918 (x135) 
::www.inverse.ca  
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Support for Statement of Health

2019-08-06 Thread Fabrice Durand via PacketFence-users 

Hello Jonathan,

as you say you can use Nessus or OpenVAS or some MDM to check the 
compliance.


Regards

Fabrice


Le 19-08-02 à 13 h 14, Jonathan Geyer via PacketFence-users a écrit :


Packet Fence UG/Support,

I’ve been looking into how to perform health checks or statement of 
health checks against clients connecting over 802.1x. The 
documentation has very little information on this and I’m wondering if 
possibly we are looking in the wrong place. I know there is scanning 
integration where we can hook Nessus or OpenVAS and that would not be 
the best option for a health check process as there is delay from 
moving a host from Registration to either Isolation or what we have 
defined as a Approval VLAN that only consists of hosts with the same 
checks that are validated.


Thanks,

cid:image002.jpg@01D09A39.0F0EB5A0

*Jonathan Geyer | CCNP, CCDA, BCNP, CSSP, ITIL, ACSE*

Senior Network Engineer

191 Wyngate Dr.
Monroeville, PA 15146

mail: jge...@advanticom.com 
www: http://www.advanticom.com 
tel: 412-385-5069
fax: 412-385-5001

service: 412-385-5002

ISO-Advanticom-ISMS




Jonathan Geyer
Senior Network Engineer

Advanticom, Inc.

Tech One Park

191 Wyngate Drive

Monroeville, PA 15146



mail:jge...@advanticom.com 
www: http://www.advanticom.com
tel:412-385-5069 
fax: 412-385-5001

service:412-385-5002 




This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of the company. Finally, the recipient should check this email
and any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by this


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SponsorAuthenticatoin not matching condition for user_email attribute, always authenticated by catchall rule

2019-08-06 Thread Fabrice Durand via PacketFence-users 

Hello Alessandro,

can you try pftest to see if it match the rule ?

Also can you try user_email matches regexp *.domain.com ?

Regards

Fabrice


Le 19-08-02 à 16 h 08, Alessandro Uggenti via PacketFence-users a écrit :

Dear all,
Anyone has any hint for this issue?
Thanks in advance

Il Gio 1 Ago 2019, 14:37 Alessandro Uggenti > ha scritto:


Hello
Yes in the sponsor authentication source rule i set up role and
acces duration, role is already existing and different from guest
one.  Unfortunately in
authentication source sponsor, i cannot find any section
"Comma-separated list of Allowed Domains". There is just a flag to
allow local domains. Do you have any other suggestion?
Thanks

Il Gio 1 Ago 2019, 13:55 pro fence via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>> ha scritto:

Hi,

in your authentication rule do you match a guest "Role", that
you must have created beforehand.
As for the domain  match, you can try putting them in the
sponsor authentication source, section "Comma-separated list
of Allowed Domains"

Regards

On Thu, 1 Aug 2019 at 09:48, Alessandro Uggenti via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:

Dear all,
i have Packetfence 8.2.0  using web interface, i use
sponsor registration for our guest.
I need to set up a different role for specific guest and i
would like to use user_email attribute, after creating a
new authentication rule in the sponsor authentication
sources, inserting as condition user_email end
with @domain.com  or domain.com
 and apply a role, it is never
authenticate as i want, it simply use catchall rule
skipping the new authentication rule.
i tried using computer name attribute as well with same
result, it seems any condition set in the authentication
rule is not met.
Do you have any suggestion on how to use such feature?
Thanks in advance

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Scan Engine Doesn't Work

2019-08-06 Thread Fabrice Durand via PacketFence-users 

Hello Fajar,

11:22:33:44:55:66 is the fake mac address when you use the portal preview.

You need to do your test with a real device.

Regards

Fabrice


Le 19-08-05 à 06 h 52, Fajar Zairy via PacketFence-users a écrit :

Hi everyone,
I have pf zen running on vmware with vlan enforcement
I've been struggling on my captive portal scan..
I can scan my devices with nessus just fine when I launch the policy 
directly from nessus admin page. But I cannot make my pf captive 
portal scan registering device using this nessus engine, the 
packetfence.log always says:


pfence pfqueue: pfqueue(7518) WARN: [mac:
11:22:33:44:55:66]
Can't find scan engine for 11:22:33:44:55:66 since we don't have it's OS

why is this happening? and how to fix this problem?
Please help me, I've been struggling with this for two weeks now


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Registration dhco

2019-08-06 Thread Fabrice Durand via PacketFence-users 

Hello Domingos,

if the device receive an ip address from the production vlan then it 
mean that there is a network miss-configuration.


Can you provide some logs ?

Regards

Fabrice


Le 19-08-05 à 10 h 17, Domingos Varela via PacketFence-users a écrit :

Hi,

I am using pf to authenticate wifi users on the network, but when a 
user connects to the network he gets the IP from the data network and 
not from the registration network.


Shouldn't users receive the IP from the registration network and after 
logging in receive the io from the data network?


Thanks
Regards


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help - Guest fallback to authentication page

2019-08-06 Thread Helen Power via PacketFence-users 

Hi Ludovic,

Thank you very much for helping.

I checked and it actually doesn’t show any error messages. Guest can do self 
registration fine, the sponsor can grant access fine. It’s just if the sponsor 
doesn’t activate the guest access right away, guest side looks it will time out 
after 60 - 90seconds and then back to the guest sign up and start the 
authentication all over again. Is there anything I can change to disable this 
feature?

Scarlett

On Aug 6, 2019, at 9:52 AM, Ludovic Zammit via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello Scarlett,

When the sponsor click on the link to validated the access you don’t see any 
error ?

If you check in the logs/packetfence.log you should be able to trace what’s 
going on for that sponsor authentication.

Thanks,

Ludovic Zammit
lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  
www.inverse.ca
Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu)
 and PacketFence 
(http://packetfence.org)




On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hi All,
We are running the latest PacketFence box and trying to enable the guest self 
registration feature. Everything works fine but one thing. When the guest self 
register himself via the sponsor email and pending for sponsor approval, If the 
sponsor doesn’t approve his request within around 1 minute, guest pending 
approval page will fallback to the originate guest signup page. Guest doesn’t 
have WiFi access even sponsor grant the access afterwards. Would you please 
help to shed some light on how to solve this issue? Is there a way to have 
guest stay at the pending page before getting the approval instead of fallback 
to authenticate all over again?

Thank you very much for your help!!!

Scarlett
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-usersdata=02%7C01%7Chelen_power%40resourcepro.com%7C1d0311d9e8e74ed226c208d71a7dab0f%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637006999369746936sdata=mUUIXbTUkOH%2Fez02kFlN39izG6hR0s8uTos5LntCtKM%3Dreserved=0
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help - Guest fallback to authentication page

2019-08-06 Thread Ludovic Zammit via PacketFence-users 
Scarlett,

The “Email Activation Timeout” is configurable under the Sponsor source. By 
default it’s set to 30 mins. The user should stay in pending mode until he gets 
enable or the token expires after 30 mins.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Aug 6, 2019, at 11:04 AM, Scarlett Moss  
> wrote:
> 
> I understand that. The issue is under most cases, the sponsor will not be 
> able to grant their access in one and half minute. So the guest will stay in 
> the pending page and wait for the approval from the sponsor. However, it will 
> time out / jump back to the original sign up page before the sponsor even 
> gets the chance to approve its request. Does that make sense? so I want to 
> longer the guest pending time so it will give the sponsor enough time to 
> actually check their email and then approve their request.
> 
> Scarlett 
> 
> On Tue, Aug 6, 2019 at 9:59 AM Ludovic Zammit  > wrote:
> The sponsor should receive a email, into that email he has a link.
> 
> The user will only be enabled on the network as soon the sponsor click on the 
> link to grant the access. If the email is delayed or/and the sponsor takes 
> time to click on the link and grant the access, the user would have to wait.
> 
> Thanks,
> 
> Ludovic Zammit
> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
> www.inverse.ca 
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
> ) and PacketFence (http://packetfence.org 
> ) 
> 
> 
> 
> 
>> On Aug 6, 2019, at 10:56 AM, Helen Power > > wrote:
>> 
>> 
>> Hi Ludovic,
>> 
>> Thank you very much for helping.
>> 
>> I checked and it actually doesn’t show any error messages. Guest can do self 
>> registration fine, the sponsor can grant access fine. It’s just if the 
>> sponsor doesn’t activate the guest access right away, guest side looks it 
>> will time out after 60 - 90seconds and then back to the guest sign up and 
>> start the authentication all over again. Is there anything I can change to 
>> disable this feature?
>> 
>> Scarlett
>> 
>> On Aug 6, 2019, at 9:52 AM, Ludovic Zammit via PacketFence-users 
>> > > wrote:
>> 
>>> Hello Scarlett,
>>> 
>>> When the sponsor click on the link to validated the access you don’t see 
>>> any error ?
>>> 
>>> If you check in the logs/packetfence.log you should be able to trace what’s 
>>> going on for that sponsor authentication.
>>> 
>>> Thanks,
>>> 
>>> Ludovic Zammit
>>> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) 
>>> ::  www.inverse.ca 
>>> 
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
>>> )
>>>  and PacketFence (http://packetfence.org 
>>> )
>>>  
>>> 
>>> 
>>> 
>>> 
 On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
 >>> > wrote:
 
 Hi All,
 We are running the latest PacketFence box and trying to enable the guest 
 self registration feature. Everything works fine but one thing. When the 
 guest self register himself via the sponsor email and pending for sponsor 
 approval, If the sponsor doesn’t approve his request within around 1 
 minute, guest pending approval page will fallback to the originate guest 
 signup page. Guest doesn’t have WiFi access even sponsor grant the access 
 afterwards. Would you please help to shed some light on how to solve this 
 issue? Is there a way to have guest stay at the pending page before 
 getting the approval instead of fallback to authenticate all over again?
 
  
 
 Thank you very much for your help!!!
 
  
 
 Scarlett 
 
 ___
 PacketFence-users mailing list

Re: [PacketFence-users] help - Guest fallback to authentication page

2019-08-06 Thread Ludovic Zammit via PacketFence-users 
The sponsor should receive a email, into that email he has a link.

The user will only be enabled on the network as soon the sponsor click on the 
link to grant the access. If the email is delayed or/and the sponsor takes time 
to click on the link and grant the access, the user would have to wait.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Aug 6, 2019, at 10:56 AM, Helen Power  wrote:
> 
> 
> Hi Ludovic,
> 
> Thank you very much for helping.
> 
> I checked and it actually doesn’t show any error messages. Guest can do self 
> registration fine, the sponsor can grant access fine. It’s just if the 
> sponsor doesn’t activate the guest access right away, guest side looks it 
> will time out after 60 - 90seconds and then back to the guest sign up and 
> start the authentication all over again. Is there anything I can change to 
> disable this feature?
> 
> Scarlett
> 
> On Aug 6, 2019, at 9:52 AM, Ludovic Zammit via PacketFence-users 
>  > wrote:
> 
>> Hello Scarlett,
>> 
>> When the sponsor click on the link to validated the access you don’t see any 
>> error ?
>> 
>> If you check in the logs/packetfence.log you should be able to trace what’s 
>> going on for that sponsor authentication.
>> 
>> Thanks,
>> 
>> Ludovic Zammit
>> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) :: 
>>  www.inverse.ca 
>> 
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
>> )
>>  and PacketFence (http://packetfence.org 
>> )
>>  
>> 
>> 
>> 
>> 
>>> On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
>>> >> > wrote:
>>> 
>>> Hi All,
>>> We are running the latest PacketFence box and trying to enable the guest 
>>> self registration feature. Everything works fine but one thing. When the 
>>> guest self register himself via the sponsor email and pending for sponsor 
>>> approval, If the sponsor doesn’t approve his request within around 1 
>>> minute, guest pending approval page will fallback to the originate guest 
>>> signup page. Guest doesn’t have WiFi access even sponsor grant the access 
>>> afterwards. Would you please help to shed some light on how to solve this 
>>> issue? Is there a way to have guest stay at the pending page before getting 
>>> the approval instead of fallback to authenticate all over again?
>>> 
>>>  
>>> 
>>> Thank you very much for your help!!!
>>> 
>>>  
>>> 
>>> Scarlett 
>>> 
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net 
>>> 
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>>> 
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-usersdata=02%7C01%7Chelen_power%40resourcepro.com%7C1d0311d9e8e74ed226c208d71a7dab0f%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637006999369746936sdata=mUUIXbTUkOH%2Fez02kFlN39izG6hR0s8uTos5LntCtKM%3Dreserved=0
>>  
>> 
> This email (including any attachments) contains confidential information 
> intended for a specific individual and purpose. If you have received this 
> email in error please notify the sender immediately and delete this e-mail. 
> If you are not the intended recipient

Re: [PacketFence-users] help - Guest fallback to authentication page

2019-08-06 Thread Ludovic Zammit via PacketFence-users 
Hello Scarlett,

When the sponsor click on the link to validated the access you don’t see any 
error ?

If you check in the logs/packetfence.log you should be able to trace what’s 
going on for that sponsor authentication.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
>  wrote:
> 
> Hi All,
> We are running the latest PacketFence box and trying to enable the guest self 
> registration feature. Everything works fine but one thing. When the guest 
> self register himself via the sponsor email and pending for sponsor approval, 
> If the sponsor doesn’t approve his request within around 1 minute, guest 
> pending approval page will fallback to the originate guest signup page. Guest 
> doesn’t have WiFi access even sponsor grant the access afterwards. Would you 
> please help to shed some light on how to solve this issue? Is there a way to 
> have guest stay at the pending page before getting the approval instead of 
> fallback to authenticate all over again?
> 
>  
> 
> Thank you very much for your help!!!
> 
>  
> 
> Scarlett 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] help - Guest fallback to authentication page

2019-08-06 Thread Scarlett Moss via PacketFence-users 
Hi All,

We are running the latest PacketFence box and trying to enable the guest
self registration feature. Everything works fine but one thing. When the
guest self register himself via the sponsor email and pending for sponsor
approval, If the sponsor doesn’t approve his request within around 1
minute, guest pending approval page will fallback to the originate guest
signup page. Guest doesn’t have WiFi access even sponsor grant the access
afterwards. Would you please help to shed some light on how to solve this
issue? Is there a way to have guest stay at the pending page before getting
the approval instead of fallback to authenticate all over again?



Thank you very much for your help!!!



Scarlett
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] HP ProCurve support for 802.1x + MAC authentication + captive portal fallback

2019-08-06 Thread Randy Prothero via PacketFence-users 
I am curious if you got this working?
If so, would you mind sharing a sanitized copy of the config?

Thanks!

Randy
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to change the default Admin GUI to the old one (PF 9.0.1)?

2019-08-06 Thread pro fence via PacketFence-users 
Hi,

in the webadmin: top right corner, click on the toolbox -> switch to old
admin

Regards,

On Mon, 5 Aug 2019 at 13:54, Ivan Saliu via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi Peter,
>
>
>
> I see nobody has ever replied to you, did you by any means manage to solve
> this by yourself?
>
> I do agree with you the new interface is still not there as functionality
> and would like to have as default the old one..
>
> I’ve tried to search a little bit into old threads / looking into the code
> but so far found nothing to change this behavior
>
>
>
> Regards,
>
>
>
> *Ivan Saliu *I Network Specialist
>
> [image: cid:image001.png@01D425BC.C5646F40]
>
> *Via Paleocapa, 20 - 24122 Bergamo – Phone: +39 035 280 756  – Mobile: +39
> 342 7948 173 – kikocosmetics.com *
>
>
>
> Follow us on
>
> [image: cid:image002.png@01D425BC.C5646F40]
> 
>
>
> --
> Questo messaggio è stato analizzato con Libra ESVA ed è risultato non
> infetto.
> This message has been checked by Libra ESVA and is believed to be clean.
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Machine authentication with multiple AD domains

2019-08-06 Thread Enrico Pasqualotto via PacketFence-users 
Hi Ludovic, thanks for the explanation. I re-check my config and all was 
correctly configured.
Today I found the issue, my second domain is longer that principal and the 
username for machine authentication exceed the MS limit 
(host/MY_PC_WITH_LONG_NAME.mysecond_domain.local). By renaming the COMPUTER 
NAME with a shorter value all is working now.

I was looking at the wrong side because the error message isn't clear (seems 
general auth issue).

Is there some workaround to avoid renaming PC?

Enrico.

On 02/08/19 13:52, Ludovic Zammit wrote:
Hello Enrico,

You have to create a realm with your domainName.local and enable “Strip in 
RADIUS authorization” then on your connection profile you will need an AD 
source with the “Username Attribute” with sAMAccountName and 
servicePrincipalName.

[X]

It will allow you authenticate users and  computers.

Thanks,



On Aug 2, 2019, at 6:53 AM, Enrico Pasqualotto via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:


Hi all, I have two domain:

mydomain1.local

mydomain2.local

configured with their REALM (MYDOMAIN1 & MYDOMAIN2) and all user auth are 
working well over RADIUS + Active-Directory.

Machine_authentication are working well for domain1.local because I have set 
the domain in the REALM NULL & DEFAULT.

Machine auth username come with this format: host/$PCNAME$.mydomainX.local

How can I manage the machine auth for multiple domain, I've tried to add a new 
REALM mydomain2.local but doesn't work.

Anyone can point me to the right configuration? How is the REALM retrieved on 
machine_auth?

Thanks

--
Enrico Pasqualotto

[https://www.backloop.biz/backloop_loghi/LOGO_BackLoop_small.png]
Private mail: epasqualo...@backloop.biz
Office: +39 045 9971269


Le informazioni contenute in questo messaggio di posta elettronica e negli 
eventuali allegati sono riservate e confidenziali e sono indirizzate 
esclusivamente al destinatario. Si prega di non fare copia, inoltrare a terzi o 
conservare tale messaggio se non si è il legittimo destinatario dello stesso. 
Qualora questo messaggio sia stato ricevuto per errore, si prega di rinviarlo 
al mittente e di cancellarlo permanentemente dal proprio computer.

The information contained in this message and in any attachment is intended 
exclusively for the recipient. If you are not the intended recipient you are 
hereby notified not to copy, save, disclose, or distribute it to any third 
party. If you erroneously received this message you are kindly requested to 
return it to the sender and eliminate it permanently from your computer.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Enrico Pasqualotto

[https://www.backloop.biz/backloop_loghi/LOGO_BackLoop_small.png]
Private mail: epasqualo...@backloop.biz
Office: +39 045 9971269


Le informazioni contenute in questo messaggio di posta elettronica e negli 
eventuali allegati sono riservate e confidenziali e sono indirizzate 
esclusivamente al destinatario. Si prega di non fare copia, inoltrare a terzi o 
conservare tale messaggio se non si è il legittimo destinatario dello stesso. 
Qualora questo messaggio sia stato ricevuto per errore, si prega di rinviarlo 
al mittente e di cancellarlo permanentemente dal proprio computer.

The information contained in this message and in any attachment is intended 
exclusively for the recipient. If you are not the intended recipient you are 
hereby notified not to copy, save, disclose, or distribute it to any third 
party. If you erroneously received this message you are kindly requested to 
return it to the sender and eliminate it permanently from your computer.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] test sql creds fails

2019-08-06 Thread Patti Robinson via PacketFence-users 
I am only at the point where I test the mysql credentials in the
configurator. It says , "
*Error!* Error in connection to the database mysql with user root"
I tried startin the database and it says it is masked.
I tried to unmask it, but that doesn't seem to work.
The mariadb status says:
systemctl status mariadb.service
● mariadb.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead)

Aug 06 06:21:44 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:21:47 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:21:47 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:21:50 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:21:50 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:22:09 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:22:45 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:23:20 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:23:56 packetfence systemd[1]: Cannot add dependency job for unit
m
Aug 06 06:24:32 packetfence systemd[1]: Cannot add dependency job for unit
m
Warning: mariadb.service changed on disk. Run 'systemctl daemon-reload' to
reload units.
Hint: Some lines were ellipsized, use -l to show in full.

I tried : radiusd -d /usr/local/pf/raddb/ -n auth -CX
And got:
FreeRADIUS Version 3.0.18
Copyright (C) 1999-2018 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /usr/local/pf/raddb//dictionary
including configuration file /usr/local/pf/raddb//auth.conf
Unable to open file "/usr/local/pf/raddb//auth.conf": No such file or
directory
Errors reading or parsing /usr/local/pf/raddb//auth.conf





*Enjoy this moment.*

Patti Robinson
IT Manager
Makah Tribal Council
360-645-3216

Flops are a part of life’s menu and I’ve never been a girl to miss out on
any of the courses.– Rosalind Russell

Confidentiality Notice:
This electronic mail transmission may contain legally privileged,
confidential information belonging to the sender.  The information is
intended only for the individual or entity named above.  If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution or taking any action based on the contents of the electronic
mail is strictly prohibited. If you received this electronic mail in error,
please click reply to notify the sender and delete all copies.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Machine authentication with multiple AD domains

2019-08-06 Thread Ludovic Zammit via PacketFence-users 
Hello Enrico,

Maybe you could try a vlan filter that check the username as the computer name 
and auto-register it and assign a role.

It’s manageable if you have not too many rules for computers authentication.

Thanks,

Ludovic Zammit




> On Aug 5, 2019, at 5:03 PM, Enrico Pasqualotto  
> wrote:
> 
> Hi Ludovic, thanks for the explanation. I re-check my config and all was 
> correctly configured.
> Today I found the issue, my second domain is longer that principal and the 
> username for machine authentication exceed the MS limit 
> (host/MY_PC_WITH_LONG_NAME.mysecond_domain.local). By renaming the COMPUTER 
> NAME with a shorter value all is working now.
> 
> I was looking at the wrong side because the error message isn't clear (seems 
> general auth issue).
> 
> Is there some workaround to avoid renaming PC?
> 
> Enrico.
> 
> On 02/08/19 13:52, Ludovic Zammit wrote:
>> Hello Enrico,
>> 
>> You have to create a realm with your domainName.local and enable “Strip in 
>> RADIUS authorization” then on your connection profile you will need an AD 
>> source with the “Username Attribute” with sAMAccountName and 
>> servicePrincipalName.
>> 
>> 
>> 
>> It will allow you authenticate users and  computers.
>> 
>> Thanks,
>> 
>> 
>> 
>>> On Aug 2, 2019, at 6:53 AM, Enrico Pasqualotto via PacketFence-users 
>>> >> > wrote:
>>> 
>>> Hi all, I have two domain:
>>> 
>>> mydomain1.local
>>> 
>>> mydomain2.local
>>> 
>>> configured with their REALM (MYDOMAIN1 & MYDOMAIN2) and all user auth are 
>>> working well over RADIUS + Active-Directory.
>>> 
>>> Machine_authentication are working well for domain1.local because I have 
>>> set the domain in the REALM NULL & DEFAULT.
>>> 
>>> Machine auth username come with this format: host/$PCNAME$.mydomainX.local
>>> 
>>> How can I manage the machine auth for multiple domain, I've tried to add a 
>>> new REALM mydomain2.local but doesn't work.
>>> 
>>> Anyone can point me to the right configuration? How is the REALM retrieved 
>>> on machine_auth?
>>> 
>>> Thanks
>>> 
>>> -- 
>>> Enrico Pasqualotto 
>>> 
>>>  
>>> Private mail: epasqualo...@backloop.biz 
>>> Office: +39 045 9971269
>>> 
>>> 
>>> Le informazioni contenute in questo messaggio di posta elettronica e negli 
>>> eventuali allegati sono riservate e confidenziali e sono indirizzate 
>>> esclusivamente al destinatario. Si prega di non fare copia, inoltrare a 
>>> terzi o conservare tale messaggio se non si è il legittimo destinatario 
>>> dello stesso. Qualora questo messaggio sia stato ricevuto per errore, si 
>>> prega di rinviarlo al mittente e di cancellarlo permanentemente dal proprio 
>>> computer. 
>>> 
>>> The information contained in this message and in any attachment is intended 
>>> exclusively for the recipient. If you are not the intended recipient you 
>>> are hereby notified not to copy, save, disclose, or distribute it to any 
>>> third party. If you erroneously received this message you are kindly 
>>> requested to return it to the sender and eliminate it permanently from your 
>>> computer.
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net 
>>> 
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>>> 
>> 
> 
> -- 
> Enrico Pasqualotto 
> 
>  
> Private mail: epasqualo...@backloop.biz 
> Office: +39 045 9971269
> 
> 
> Le informazioni contenute in questo messaggio di posta elettronica e negli 
> eventuali allegati sono riservate e confidenziali e sono indirizzate 
> esclusivamente al destinatario. Si prega di non fare copia, inoltrare a terzi 
> o conservare tale messaggio se non si è il legittimo destinatario dello 
> stesso. Qualora questo messaggio sia stato ricevuto per errore, si prega di 
> rinviarlo al mittente e di cancellarlo permanentemente dal proprio computer. 
> 
> The information contained in this message and in any attachment is intended 
> exclusively for the recipient. If you are not the intended recipient you are 
> hereby notified not to copy, save, disclose, or distribute it to any third 
> party. If you erroneously received this message you are kindly requested to 
> return it to the sender and eliminate it permanently from your computer.

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users