Re: [PacketFence-users] Unifi APs and Packetfence

2022-03-22 Thread Fabrice Durand via PacketFence-users 
Hello Adrian,
I deal with that sometimes and it's supposed to be the NAS that sends
the Framed-MTU
attribute.
Are you able to see it in the request ?
Can you change it on the AP side ?

Also if you change it on the freeradius side i don´t think it will change
anything.

Regards
Fabrice



Le mar. 22 mars 2022 à 20:41, Enrique Gross via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hi Adrián
>
> I have a group of unifi APs doing radius packetfence magic vía L2TP/IPSEC
> tunnel. No issues so far.
>
> Maybe I can help you, it's your routing ok? any NAT between your APs and
> packetfence management address? Where is your UNIFI controller located? I'm
> not really a fragmentation/MTU expert, why do you think this is causing
> problems?
>
> Enrique
>
>
>
> El mar, 22 de mar. de 2022 17:26, Adrian Damaschek via PacketFence-users <
> packetfence-users@lists.sourceforge.net> escribió:
>
>> Hello Everyone,
>>
>> I started this topic in my previous thred, but since its now a different
>> issue and more specific I decided to split it off. (the issue with SECP
>> Certs got fixed fo thanks everyone)
>>
>> Following problem. I got packetfence installed in my main Datacenter, now
>> I would like to have a central NAC for all my wifi, I use Unifi Access
>> point and the problem is that it seems not to work over VPN connections
>>
>> From all I could find its related to Fragmentation and MTU. Its suggested
>> to set the atribute of FramedMTU to something like 1300 or lower. To tell
>> the client as the MTU needs to be lower.
>> People seem to say that you set this on the radius server, and it tells
>> the client to use a lower frameMTU. Not a expert on radius so I don’t know.
>>
>> Anyone managed to get unifi APs to work with radius from offsite ?
>>
>> I would not want to deal with having to have a NAC per site. A radius
>> proxy fowarding the requests might be a option but I prefer to use that as
>> a last resort
>>
>> Thanks for any responses
>>
>> Adrian
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unifi APs and Packetfence

2022-03-22 Thread Enrique Gross via PacketFence-users 
Hi Adrián

I have a group of unifi APs doing radius packetfence magic vía L2TP/IPSEC
tunnel. No issues so far.

Maybe I can help you, it's your routing ok? any NAT between your APs and
packetfence management address? Where is your UNIFI controller located? I'm
not really a fragmentation/MTU expert, why do you think this is causing
problems?

Enrique



El mar, 22 de mar. de 2022 17:26, Adrian Damaschek via PacketFence-users <
packetfence-users@lists.sourceforge.net> escribió:

> Hello Everyone,
>
> I started this topic in my previous thred, but since its now a different
> issue and more specific I decided to split it off. (the issue with SECP
> Certs got fixed fo thanks everyone)
>
> Following problem. I got packetfence installed in my main Datacenter, now
> I would like to have a central NAC for all my wifi, I use Unifi Access
> point and the problem is that it seems not to work over VPN connections
>
> From all I could find its related to Fragmentation and MTU. Its suggested
> to set the atribute of FramedMTU to something like 1300 or lower. To tell
> the client as the MTU needs to be lower.
> People seem to say that you set this on the radius server, and it tells
> the client to use a lower frameMTU. Not a expert on radius so I don’t know.
>
> Anyone managed to get unifi APs to work with radius from offsite ?
>
> I would not want to deal with having to have a NAC per site. A radius
> proxy fowarding the requests might be a option but I prefer to use that as
> a last resort
>
> Thanks for any responses
>
> Adrian
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Configuring 11.x for use with Microsoft Authenticator

2022-03-22 Thread Zammit, Ludovic via PacketFence-users 
Hello Christopher,

Do you have a valid Akamai MFA account ?

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Mar 22, 2022, at 10:19 AM, Gibbs, Christopher via PacketFence-users 
>  wrote:
> 
> Has anyone successfully done this? I’ve gone through the setup documentation 
> athttps://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_mfa_integration
>  
> ,
>  but I think I must be missing something. My RADIUS login works fine, but 
> even though I have defined the actions as specified in the documentation, the 
> MFA process does not appear to be triggered correctly. I’m sure I’ve missed 
> something. Any ideas?
>  
> Chris Gibbs
> Information Technology Infrastructure Manager
> Campbellsville University
>  
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HkcRnok3X7YzkrikiZMpRXxzK4QIc8KFPhMlvxortwmlA5RU-fo-jTIakVULO-b_$
>  
> 


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Problem with maridb root user

2022-03-22 Thread Zammit, Ludovic via PacketFence-users 
I will suggest you to reset your mariadb root password.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Mar 22, 2022, at 4:24 PM, Martijn Langendoen  wrote:
> 
> Hi,
>  
> Yes that’s works.
>  
> [root@PacketFence-ZEN ~]# mysql -upf -p -e "show variables where 
> Variable_name='version';"
> Enter password:
> +---+-+
> | Variable_name | Value   |
> +---+-+
> | version   | 10.1.21-MariaDB |
> +---+-+
>  
> I run this in the production unit that I want to upgrade.
>  
> And I’am 100% sure that the root pw is ok.
>  
> [root@PacketFence-ZEN ~]# mysql -uroot -p -e "show variables where 
> Variable_name='version';"
> Enter password:
> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using 
> password: YES)
>  
> 
> 
> Martijn Langendoen
> netwerkbeheerder
> mlangend...@dezb.nl   
> 
> 0118 654307
> 
>  
> 
>  
> 
>  
> 
>  
> /dezbnl
> www.dezb.nl 
> 
> 
> 
> Kousteensedijk 7
> 4331 JE Middelburg
> Postbus 8004
> 4330 EA Middelburg
>  
>  
> Van: Zammit, Ludovic  
> Verzonden: 22 March 2022 20:58
> Aan: Martijn Langendoen 
> CC: packetfence-users@lists.sourceforge.net
> Onderwerp: Re: [PacketFence-users] Problem with maridb root user
>  
> Hello there,
>  
> It looks like that your root password is not good.
>  
> Can you try the pf account?
>  
> mysql -upf -p -e "show variables where Variable_name='version’;"
>  
> Thanks,
>  
> Ludovic Zammit
> Product Support Engineer Principal
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:
>    
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> On Mar 22, 2022, at 3:47 PM, Martijn Langendoen  > wrote:
>  
> Hi,
>  
> Yes there is a problem with mariadb
> Here my upgrade log:
>  
> [root@PacketFence-ZEN ~]# ps ax | grep mariadb
> 1919 ?Ss 0:00 pf-mariadb
> 2155 ?S  0:00 /bin/sh /usr/bin/mysqld_safe 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf
> 2300 ?Sl 0:02 /usr/sbin/mysqld 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf --basedir=/usr 
> --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin 
> --pid-file=PacketFence-ZEN.pid --socket=/var/lib/mysql/mysql.sock --port=3306
>  
> [root@PacketFence-ZEN ~]# ps ax | grep mysql
> 2155 ?S  0:00 /bin/sh /usr/bin/mysqld_safe 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf
> 2300 ?Sl 0:02 /usr/sbin/mysqld 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf --basedir=/usr 
> --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin 
> --pid-file=PacketFence-ZEN.pid --socket=/var/lib/mysql/mysql.soc
> 2301 ?S  0:00 logger -t mysqld -p daemon.error
>  
>  
> # Start update with written in the upgrade guide:
>  
> [root@PacketFence-ZEN ~]# /usr/local/pf/bin/pfcmd service pf stop
> Service StatusPID
> packetfence-api-frontend.servicestopped   0
> packetfence-config.service  started   0
> packetfence-fingerbank-collector.servicestopped   0
>

Re: [PacketFence-users] Problem with maridb root user

2022-03-22 Thread Zammit, Ludovic via PacketFence-users 
Hello there,

It looks like that your root password is not good.

Can you try the pf account?

mysql -upf -p -e "show variables where Variable_name='version’;"

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Mar 22, 2022, at 3:47 PM, Martijn Langendoen  wrote:
> 
> Hi,
>  
> Yes there is a problem with mariadb
> Here my upgrade log:
>  
> [root@PacketFence-ZEN ~]# ps ax | grep mariadb
> 1919 ?Ss 0:00 pf-mariadb
> 2155 ?S  0:00 /bin/sh /usr/bin/mysqld_safe 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf
> 2300 ?Sl 0:02 /usr/sbin/mysqld 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf --basedir=/usr 
> --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin 
> --pid-file=PacketFence-ZEN.pid --socket=/var/lib/mysql/mysql.sock --port=3306
>  
> [root@PacketFence-ZEN ~]# ps ax | grep mysql
> 2155 ?S  0:00 /bin/sh /usr/bin/mysqld_safe 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf
> 2300 ?Sl 0:02 /usr/sbin/mysqld 
> --defaults-file=/usr/local/pf/var/conf/mariadb.conf --basedir=/usr 
> --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin 
> --pid-file=PacketFence-ZEN.pid --socket=/var/lib/mysql/mysql.soc
> 2301 ?S  0:00 logger -t mysqld -p daemon.error
>  
>  
> # Start update with written in the upgrade guide:
>  
> [root@PacketFence-ZEN ~]# /usr/local/pf/bin/pfcmd service pf stop
> Service StatusPID
> packetfence-api-frontend.servicestopped   0
> packetfence-config.service  started   0
> packetfence-fingerbank-collector.servicestopped   0
> packetfence-galera-autofix.service  disabled  0
> packetfence-haproxy-admin.service   stopped   0
> packetfence-haproxy-db.service  disabled  0
> packetfence-haproxy-portal.service  stopped   0
> packetfence-httpd.aaa.service   stopped   0
> packetfence-httpd.admin.service disabled  0
> packetfence-httpd.admin_dispatcher.service  stopped   0
> packetfence-httpd.collector.service disabled  0
> packetfence-httpd.dispatcher.servicestopped   0
> packetfence-httpd.portal.servicestopped   0
> packetfence-httpd.proxy.service disabled  0
> packetfence-httpd.webservices.service   stopped   0
> packetfence-iptables.servicestopped   0
> packetfence-keepalived.service  stopped   0
> packetfence-mariadb.service started   1919
> packetfence-netdata.service stopped   0
> packetfence-pfacct.service  stopped   0
> packetfence-pfcertmanager.service   stopped   0
> packetfence-pfcron.service  stopped   0
> packetfence-pfdetect.servicestopped   0
> packetfence-pfdhcp.service  stopped   0
> packetfence-pfdhcplistener.service  stopped   0
> packetfence-pfdns.service   stopped   0
> packetfence-pffilter.servicestopped   0
> packetfence-pfipset.service stopped   0
> packetfence-pfperl-api.service  stopped   0
> packetfence-pfpki.service   stopped   0
> packetfence-pfqueue.service stopped   0
> packetfence-pfsso.service   stopped   0
> packetfence-pfstats.service stopped   0
> packetfence-radiusd-acct.servicedisabled  0
> packetfence-radiusd-auth.servicestopped   0
> packetfence-radiusd-cli.service stopped   0
> packetfence-radiusd-eduroam.service stopped   0
> packetfence-radiusd-load_balancer.service   disabled  0
> packetfence-radsniff.servicestopped   0
> packetfence-redis-cache.service started   1554
> packetfence-redis_ntlm_cache.servicedisabled  0
> packetfence-redis_queue.service stopped   0
> packetfence-snmptrapd.service   stopped   0
> packetfence-tc.service  disabled  0
> packetfence-tracking-config.service

[PacketFence-users] Configuring 11.x for use with Microsoft Authenticator

2022-03-22 Thread Gibbs, Christopher via PacketFence-users 
Has anyone successfully done this? I've gone through the setup documentation at 
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_mfa_integration,
 but I think I must be missing something. My RADIUS login works fine, but even 
though I have defined the actions as specified in the documentation, the MFA 
process does not appear to be triggered correctly. I'm sure I've missed 
something. Any ideas?

Chris Gibbs
Information Technology Infrastructure Manager
Campbellsville University

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Unifi APs and Packetfence

2022-03-22 Thread Adrian Damaschek via PacketFence-users 
Hello Everyone, 

I started this topic in my previous thred, but since its now a different issue 
and more specific I decided to split it off. (the issue with SECP Certs got 
fixed fo thanks everyone)

Following problem. I got packetfence installed in my main Datacenter, now I 
would like to have a central NAC for all my wifi, I use Unifi Access point and 
the problem is that it seems not to work over VPN connections

From all I could find its related to Fragmentation and MTU. Its suggested to 
set the atribute of FramedMTU to something like 1300 or lower. To tell the 
client as the MTU needs to be lower.
People seem to say that you set this on the radius server, and it tells the 
client to use a lower frameMTU. Not a expert on radius so I don’t know.

Anyone managed to get unifi APs to work with radius from offsite ?

I would not want to deal with having to have a NAC per site. A radius proxy 
fowarding the requests might be a option but I prefer to use that as a last 
resort 

Thanks for any responses

Adrian

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users