[PacketFence-users] ldap authentication failed

[Nikunj Vacchani via PacketFence-users]

Hello everyone,

I m facing issue when I m trying to authenticate with LDAP user.

ERROR,

chrooted_mschap: Program returned code (1) and output 'The attempted logon is 
invalid. This is either due to a bad username or authentication information. 
(0xc06d)'

how to resolve this issue.

Thanks & Regards,
Nikunj Vachhani.
Network Engineer.
99091 10490

DISCLAIMER : The content of this email is confidential and intended for the 
recipient specified in message only. It is strictly forbidden to share any part 
of this message with any third party, without a written consent of the sender. 
If you received this message by mistake, please reply to this message and 
follow with its deletion, so that we can ensure such a mistake does not occur 
in the future.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Disable default connection profile

[Fabrice Durand via PacketFence-users]

Hello James,

trying to remove the default profile is not a good idea since if no profile
matches then nothing will work.

The default is the last resort one if no one matches , so be sure to have
one who matches your filter (like the ssid) and keep the default one.

Regards
Fabrice

Le mer. 16 nov. 2022 à 08:30, James Andrewartha via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hi,
>
> I'm trying to understand connection profiles, and so wanted to disable
> the default so it's not matched, or at least not matched first. But I
> can't disable it or reorder it. I tried this at the top of profiles.conf
> but that just disabled all the other profiles instead:
>
> [default]
> status=disabled
>
> Should I just be changing it to suit my own needs? Or could I delete
> profiles.conf.defaults?
>
> Thanks,
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] CoA after guest registration

[James Andrewartha via PacketFence-users]

Hi again,

On 24/10/22 16:27, James Andrewartha via PacketFence-users wrote:
I'm trying to work out how to get PacketFence to send a CoA to an 
Aerohive (XIQ) AP after a guest registers and is approved by sponsor. I 
have the AP switch object configured to map by switch role, which sends 
a Filter-ID I can match on. If I disconnect and reconnect (and clear 
auth cache on the AP) I get the correct role, but I'm trying to work out 
how to trigger a CoA so that step isn't needed.


Reading through the source, it looks like CoA to change role isn't 
implemented, based on this line in ReAssignVlan() in api.pm:


$logger->error("Connection type is not wired. Could not 
reassign VLAN.");


So there would need to be some work done to allow CoA for wireless. 
Which is fairly well supported these days, off the top of my head, 
Extreme (XCC, WiNG, XIQ), Aruba (Controller and Instant), Cisco (WLC and 
Meraki), Mist can all do it in various fashions.


While investigating, I was looking at the files pf/Switch and was trying 
to work out what the difference between say AeroHIVE.pm, AeroHIVE/AP.pm 
and AeroHIVE/Access_Point.def are. The developer's guide says to use 
.def, so is that the new way and the others are old? When creating a 
switch, AeroHIVE::Access_Point shows a button to view a switch template, 
but AeroHIVE::AP doesn't. Selectin AeroHIVE::AP makes a setting for 
External Portal Enforcement visible, I guess because it has 
ExternalPortal in pf::SwitchSupports?


Thanks,

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Radius error oauth2.cache_password doesn't exist

[Theo Massalene via PacketFence-users]

Hello,
We have moved back in to standing up Packet Fence in our 
environment. We have updated to v12. The end goal would be to authenticate via 
azure but as we have a hybrid environment at the moment. I am attempting to 
stand up the local active directory radius authentication before moving 
directly to azure.

The radius message is  giving an error:
Config item \"realm[default].oauth2.cache_password\" does not exist

I noticed that the authentication messages is adding extra backslashes in the 
sql name and the username?

I have a machine catch-all  and a user filter I can include their config if 
needed.

Internal ad validates

Was able to complete the authentication test as well using ad credentials.

I have azure realm set up but it is not being used at the moment.


Default Radius Group
[cid:image001.png@01D8F90C.845A64F0]
Sanatized Switch group config
[cid:image002.png@01D8F90C.845A64F0]
Sanitized  Switch Config

[cid:image003.png@01D8F90C.845A64F0]
Sanitized Radius message:
Sanitized Radius Auth - Pastebin.com

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Disable default connection profile

[James Andrewartha via PacketFence-users]

Hi,

I'm trying to understand connection profiles, and so wanted to disable 
the default so it's not matched, or at least not matched first. But I 
can't disable it or reorder it. I tried this at the top of profiles.conf 
but that just disabled all the other profiles instead:


[default]
status=disabled

Should I just be changing it to suit my own needs? Or could I delete 
profiles.conf.defaults?


Thanks,

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users