[PacketFence-users] Issue upgrading to 12.1

2022-12-08 Thread Petticrew, Jeremy via PacketFence-users 
Hello all,

We are currently on 12.0.0 GIT Commit ID 
037a8c6ded59a016b20af520f9a67fe752a97abd.

I have run /usr/local/pf/addons/upgrade/do-upgrade.sh multiple times and each 
time it stops all services, identifies we do not have a galera cluster, then 
the script stops. If I restart the server or re-enable the services, everything 
comes back, but we are still on 12.0.0.

Is there an additional command that needs to be run to get this upgrade 
completed?
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty

2022-12-08 Thread Fabrice Durand via PacketFence-users 
Hello Guys,

the issue is because of the sql buffer is not big enough to store the
content of the request.
I tried to do a patch to raise the size in FreeRADIUS but it created issue
in the proxy module.
So it will be fixed when packetfence will use the FreeRADIUS v4 version.

Regards
Fabrice


Le jeu. 8 déc. 2022 à 15:04, merkhabha via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hello,
>
> I reinstalled the host, add more cpus and memory and it worked.
>
> Regards
>
> Sent with Proton Mail  secure email.
>
> --- Original Message ---
> On Thursday, December 8th, 2022 at 8:24 AM, Renato Pereira via
> PacketFence-users  wrote:
>
> Hi all,
>
> I have same problem, I booted my cluster but not fixed.
>
> Regards,
> --
> *De:* P.Thirunavukkarasu via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> *Enviado:* quarta-feira, 7 de dezembro de 2022 07:12
> *Para:* packetfence-users@lists.sourceforge.net <
> packetfence-users@lists.sourceforge.net>
> *Cc:* P.Thirunavukkarasu 
> *Assunto:* Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request
> empty
>
> The same issue I was faced
> Then I restarted all services in PF and the issue resolved
> Regards,
> Thirunavukkarasu
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty

2022-12-08 Thread merkhabha via PacketFence-users 
Hello,

I reinstalled the host, add more cpus and memory and it worked.

Regards

Sent with [Proton Mail](https://proton.me/) secure email.

--- Original Message ---
On Thursday, December 8th, 2022 at 8:24 AM, Renato Pereira via 
PacketFence-users  wrote:

> Hi all,
>
> I have same problem, I booted my cluster but not fixed.
>
> Regards,
>
> ---
>
> De: P.Thirunavukkarasu via PacketFence-users 
> 
> Enviado: quarta-feira, 7 de dezembro de 2022 07:12
> Para: packetfence-users@lists.sourceforge.net 
> 
> Cc: P.Thirunavukkarasu 
> Assunto: Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty
>
> The same issue I was faced
> Then I restarted all services in PF and the issue resolved
> Regards,
> Thirunavukkarasu___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty

2022-12-08 Thread Renato Pereira via PacketFence-users 
Hi all,

I have same problem, I booted my cluster but not fixed.

Regards,

De: P.Thirunavukkarasu via PacketFence-users 

Enviado: quarta-feira, 7 de dezembro de 2022 07:12
Para: packetfence-users@lists.sourceforge.net 

Cc: P.Thirunavukkarasu 
Assunto: Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty

The same issue I was faced
Then I restarted all services in PF and the issue resolved
Regards,
Thirunavukkarasu
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Debian 11.5 installation

2022-12-08 Thread merkhabha via PacketFence-users 
Hello,

I got errors at the end of the installation :

Could not write namespace resource::cluster_servers() to L2 cache !
Could not write namespace resource::unified_api_system_user() to L2 cache !
...
Could not write namespace config::Network() to L2 cache !Could not write 
namespace config::Network() to L2 cache !
Fixed permissions.
Starting PacketFence Administration GUI...
Job for packetfence-httpd.admin_dispatcher.service failed because a timeout was 
exceeded.
See "systemctl status packetfence-httpd.admin_dispatcher.service" and 
"journalctl -xe" for details.
dpkg: error processing package packetfence (--configure):
installed packetfence package post-installation script subprocess returned 
error exit status 1
Setting up perlmagick (8:6.9.11.60+dfsg-1.3) ...
Processing triggers for ufw (0.36-7.1) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for dbus (1.12.24-0+deb11u1) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...
Errors were encountered while processing:
packetfenceE: Sub-process /usr/bin/dpkg returned an error code (1)

# systemctl status packetfence-httpd.admin_dispatcher.service
● packetfence-httpd.admin_dispatcher.service - PacketFence HTTP Admin 
Dispatcher
Loaded: loaded (/lib/systemd/system/packetfence-httpd.admin_dispatcher.service; 
enabled; vendor preset: enabled)
Active: activating (start) since Thu 2022-12-08 07:35:27 EST; 1min 17s ago
Process: 1170 ExecStartPre=/bin/perl -I/usr/local/pf/lib 
-I/usr/local/pf/lib_perl/lib/perl5 
-Mpf::services::manager::httpd_admin_dispatcher -e 
pf::services::manager::httpd_admin_dis>
Main PID: 1491 (httpd.admin_dis)
Tasks: 12 (limit: 2336)
Memory: 15.4M
CPU: 1.064s
CGroup: /packetfence.slice/packetfence-httpd.admin_dispatcher.service
├─1491 /bin/bash /usr/local/pf/sbin/httpd.admin_dispatcher-docker-wrapper
├─1546 /usr/local/pf/sbin/sdnotify-proxy 
/usr/local/pf/var/run/httpd.admin_dispatcher-systemd-notify.sock 
/usr/bin/docker run --volume=/usr/local/pf/var/run/httpd.admin_dis>
└─1582 /usr/bin/docker run 
--volume=/usr/local/pf/var/run/httpd.admin_dispatcher-systemd-notify.sock:/usr/local/pf/var/run/httpd.admin_dispatcher-systemd-notify.sock
 --env >

Dec 08 07:35:27 x systemd[1]: Starting PacketFence HTTP Admin Dispatcher...
Dec 08 07:36:02 x httpd.admin_dispatcher-docker-wrapper[1491]: Running with 
args --sig-proxy=true --rm --name=httpd.admin_dispatcher 
--add-host=containers-gateway.internal:host-ga>
Dec 08 07:36:05 x httpd.admin_dispatcher-docker-wrapper[1545]: Error: No such 
container: httpd.admin_dispatcherDec 08 07:36:05 x 
httpd.admin_dispatcher-docker-wrapper[1545]: Error: No such container: 1

Regards

Sent with [Proton Mail](https://proton.me/) secure email.___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Issues doing captive-portal auth with FortiGate and FortiAPs

2022-12-08 Thread Matthies, Heiko via PacketFence-users 
Greetings,

i managed to work around this issue, although I still believe this is not the 
correct behavior and should be treated as a bug. More to that later.
I changed the method "_isSwitchSupported" in the File 
/usr/local/pf/lib/pf/radius.pm like below:
sub _isSwitchSupported {
my ($self, $args) = @_;
my $logger = $self->logger;

if ($args->{'connection_type'} == $WIRED_MAC_AUTH) {
return $args->{'switch'}->supportsWiredMacAuth();
} elsif ($args->{'connection_type'} == $WIRED_802_1X) {
return $args->{'switch'}->supportsWiredDot1x();
} elsif ($args->{'connection_type'} == $WIRELESS_MAC_AUTH) {
# TODO implement supportsWirelessMacAuth (or supportsWireless)
$logger->trace("Wireless doesn't have a supports...() call for now, 
always say it's supported");
return $TRUE;
} elsif ($args->{'connection_type'} == $WIRELESS_802_1X) {
# TODO implement supportsWirelessMacAuth (or supportsWireless)
$logger->trace("Wireless doesn't have a supports...() call for now, 
always say it's supported");
return $TRUE;
}
return $TRUE;
}

I'm aware that this is a really dirty workaround but it's the only thing that 
helped. Afterwards I edited the file 
/usr/local/pf/sbin/httpd.aaa-docker-wrapper to include the lib folder from 
packetfence:
args="$args -v/usr/local/pf/lib/:/usr/local/pf/lib/ 
-v/usr/local/pf/conf/:/usr/local/pf/conf/ 
-v/usr/local/pf/var/conf/:/usr/local/pf/var/conf/ -p 100.64.0.1:7070:7070 -p 
127.0.0.1:7070:7070"

After a restart of packetfence-httpd.aaa the Fortigate Auth got accepted and 
I'm able to use the captive portal. 

Now to my thoughts:
I think the RADIUS Request gets treated incorrectly as there is no 
Connection-Type being sent with the original Request (I've looked at the 
wireshark trace of the requests). I've compared the trace to a real CLI-Request 
from a Cisco switch and the difference is that the FortiGate fills the 
Connect-Info field with the value "web-auth" whereas the Cisco doesn’t attach 
this field at all. Also, the Fortigate provides the Called-Station-Id + 
Calling-Station-Id -> this should be treated like a normal radius 
authentication but gets classified as some kind of cli-auth.

I've opened a bug-report on github, but maybe its only some kind of 
misunderstanding from my side:
https://github.com/inverse-inc/packetfence/issues/7402

I'd be happy to provide packet-traces or additional logs if needed.

Mit freundlichen Grüßen
 
i.A. Heiko Matthies
IT



ASAP Engineering GmbH Sachsstraße 1A | 85080 Gaimersheim
Tel. +49 8458 3389 252 | Fax. +49 (8458) 3389 399 |
heiko.matth...@asap.de | www.asap.de

Geschäftsführer: Michael Neisen, Robert Werner, Christian Schweiger | Sitz der 
Gesellschaft: Gaimersheim | Amtsgericht: Ingolstadt HRB 5408 

Datenschutz: Ausführliche Informationen zum Umgang mit Ihren personenbezogenen 
Daten bei ASAP erhalten Sie auf unserer Website unter 
www.asap.de\datenschutz.-Ursprüngliche Nachricht-
Von: Matthies, Heiko  
Gesendet: Freitag, 2. Dezember 2022 10:38
An: packetfence-users@lists.sourceforge.net
Betreff: AW: Issues doing captive-portal auth with FortiGate and FortiAPs

Greetings,

I troubleshooted some more and found out, that I receive the following message 
in packetfence.log:
Dec 2 10:19:42 packetfence httpd.aaa-docker-wrapper[110944]: httpd.aaa(1855) 
INFO: [mac:a0:51:0b:6a:47:b2] handling radius autz request: from switch_ip => 
(10.255.20.19), connection_type => CLI-Access,switch_mac => 
(d4:76:a0:d2:b9:50), mac => [a0:51:0b:6a:47:b2], port => external, username => 
"group\matthieh" (pf::radius::authorize) Dec 2 10:19:42 packetfence 
httpd.aaa-docker-wrapper[110944]: httpd.aaa(1855) WARN: [mac:a0:51:0b:6a:47:b2] 
(10.255.20.19) Sending REJECT since switch is unsupported 
(pf::radius::_switchUnsupportedReply)

I then checked the code in /usr/local/pf/lib/pf/radius.pm and found the 
following lines:
sub _isSwitchSupported {
my ($self, $args) = @_;
my $logger = $self->logger;

if ($args->{'connection_type'} == $WIRED_MAC_AUTH) {
return $args->{'switch'}->supportsWiredMacAuth();
} elsif ($args->{'connection_type'} == $WIRED_802_1X) {
return $args->{'switch'}->supportsWiredDot1x();
} elsif ($args->{'connection_type'} == $WIRELESS_MAC_AUTH) {
# TODO implement supportsWirelessMacAuth (or supportsWireless)
$logger->trace("Wireless doesn't have a supports...() call for now, 
always say it's supported");
return $TRUE;
} elsif ($args->{'connection_type'} == $WIRELESS_802_1X) {
# TODO implement supportsWirelessMacAuth (or supportsWireless)
$logger->trace("Wireless doesn't have a supports...() call for now, 
always say it's supported");
return $TRUE;
}
}

=item * _switchUnsupportedReply - what is sent to RADIUS when a switch is 
unsupported

=cut

sub _switchUnsupportedReply {
my ($self, $args) = @_;
my $logger = $self->logger;

$logger->warn("(" .

Re: [PacketFence-users] WiFi captive portal (with Unifi controller) don't work

2022-12-08 Thread Ahiya Zadok via PacketFence-users 
Hello again


Any thoughts here?

I really appreciate any help you can provide.


Thanks


-Original Message-
From: Ahiya Zadok 
Sent: Tuesday, 6 December 2022 18:53
To: 'packetfence-users@lists.sourceforge.net'

Subject: WiFi captive portal (with Unifi controller) don't work


Hello community

I'm new in the Packetfence/Captive portals arena.
Till now, I've only used the Unifi built-in captive portal, but I'm
experiencing performance issues, and the features are pretty limited.
I've used the latest PF Zen version on a VMware machine.

As a beginner, I wanted first to accomplish a simple captive portal, approve
the term and click connect, with no data collection or anything complex.

My PF server is installed remotely, like my controller (installed in AWS).

I've followed the guides I've found online (configuration described below).
But every time I try to connect to the guest WLAN, I get the error message
the server can't be reached.
This is the redirection URL -
http://packetfence.packetfence.org/captive-portal?destination_url=http://X.X.X.X/guest/s/m9s71fxm/?ap=68:d7:9a:16:07:2a=d4:6d:6d:38:8d:80=1670343693=http://www.msftconnecttest.com%2Fredirect=test

The PF is fully reachable from the WAP and controller.


I really appreciate any help you can provide.


Thanks


Configuration:

PF side:
---

* The server is behind NAT (one-to-one) and FW and fully open to my address.
* one interface is configured (Management), and the portal listening daemon
is enabled.
*Captive portal is enabled:
   Network detection - disabled
   IP address - the external IP
*Authentication Source:
 Name - null-source
Rule -  catchall, Role (guests) Duration (12 hours)
*switch:
Ip address- external controller IP
   Type- Unifi controller
   Deauthentication Method - HTTPS
  External Portal Enforcement - yes
 Mode - production
Web services - HTTPS, username/password of the controller 
*connection
profile:
Enabled
Filter- connection type (wireless-web-auth)
Source - null-source

I've restarted the restart pfcron service and run the below command:
/usr/local/pf/bin/pfcmd pfcron ubiquiti_ap_mac_to_ip /usr/local/pf/bin/pfcmd
cache switch_distributed list

Unifi side:
-

Created and open auth WLAN and Apply guest policies.
On the Guest portal section:
Authentication - External portal server
Custom Portal - PF external IP
Pre-Authorization Access - PF external IP
Use Secure Portal
Enable HTTPS Redirection


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty

2022-12-08 Thread P.Thirunavukkarasu via PacketFence-users 
The same issue I was faced
Then I restarted all services in PF and the issue resolved
Regards,
Thirunavukkarasu
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users