Re: [PacketFence-users] Unifi switch CoA support

2023-03-14 Thread Fabrice Durand via PacketFence-users 
Hello Francis,

if i am not wrong you should be able to see the option if you switch to the
legacy view of the controller.
Also you can connect on the AP (ssh) and see if the port 3799 UDP is
listening.

Regards

Fabrice


Le mar. 14 mars 2023 à 15:50, Francis via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hello,
>
> I wonder if someone is using Unifi switches with packetfence? I understand
> I need to activate CoA support to make it working with PF.
>
> I found release notes that say it was added by Ubiquiti in version 5.12.22
> of Unifi Controller. I found old screenshots that show the options but I
> fail to find it in the newest version (Unifi controller 7.3.83 with all
> firmware up to date).
>
> I found some posts in the UI forums of others wondering the same thing but
> they never got answers and Ubiquiti support failed to reply to my ticket
> for almost a week. So I wonder... maybe they just silently dropped CoA
> support?
>
> Thanks!
>
> --
> Francis
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Unifi switch CoA support

2023-03-14 Thread Francis via PacketFence-users 
Hello,

I wonder if someone is using Unifi switches with packetfence? I understand
I need to activate CoA support to make it working with PF.

I found release notes that say it was added by Ubiquiti in version 5.12.22
of Unifi Controller. I found old screenshots that show the options but I
fail to find it in the newest version (Unifi controller 7.3.83 with all
firmware up to date).

I found some posts in the UI forums of others wondering the same thing but
they never got answers and Ubiquiti support failed to reply to my ticket
for almost a week. So I wonder... maybe they just silently dropped CoA
support?

Thanks!

-- 
Francis
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Unable to upgrade from 11.2 to 12.2

2023-03-14 Thread de Lutti Andrea via PacketFence-users 
Good morning everyone,
I have tried a lot of times to upgrade my three nodes cluster.
I have followed the upgrade guide 
https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_performing_an_upgrade_on_a_cluster
I receive the configuration sanity warning
Use of uninitialized value in concatenation (.) or string at 
/usr/local/pf/lib/pfconfig/backend/mysql.pm line 59
Could not write namespace config::PfDefault() to L2 cache !
Could not write namespace config::Documentation() to L2 cache !
Could not write namespace config::Cluster(DEFAULT) to L2 cache !

When performing detaching node C from cluster 
(https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_detach_node_c_from_the_cluster
 ), restarting proxysql give me the error

/usr/local/pf/bin/pfcmd service proxysql restart
Usage:
pfcmd service 
[start|stop|restart|status|generateconfig|updatesystemd]
[--ignore-checkup]

  stop/stop/restart specified service
  status returns PID of specified PF daemon or 0 if not running.

  --ignore-checkup will start the requested services even if the checkup 
fails

Services managed by PacketFence:

  api-frontend   | Golang daemon providing API
  fingerbank-collector   | Fingerprinting data collection daemon
  galera-autofix | Automated recovery of Galera clusters
  haproxy-admin  | haproxy admin daemon
  haproxy-db | haproxy database daemon
  haproxy-portal | haproxy portal daemon
  httpd.aaa  | Apache AAA webservice
  httpd.admin_dispatcher | Admin GUI dispatcher
  httpd.collector| Apache Collector daemon
  httpd.dispatcher   | Captive portal dispatcher
  httpd.portal   | Apache Captive Portal
  httpd.proxy| Apache Proxy Interception
  httpd.webservices  | Apache Webservices
  iptables   | PacketFence firewall rules
  keepalived | Virtual IP management
  mysql-probe| MySQL probe service
  netdata| Monitoring service
  pfacct | Netflow and Radius Accounting service
  pf | all services that should be running based on 
your config
  pfcertmanager  | Certificate Manager Service
  pfcron | PF Cron daemon
  pfdetect   | PF snort alert parser
  pfdhcp | dhcpd daemon
  pfdhcplistener | PF DHCP monitoring daemon
  pfdns  | DNS daemon
  pffilter   | PF conditions filtering daemon
  pfipset| IPSET daemon
  pfperl-api | Perl daemon providing API
  pfpki  | PKI daemon
  pfqueue| PF queueing service
  pfsso  | Firewall SSO daemon
  pfstats| PF statistics daemon
  radiusd| FreeRADIUS daemon
  radsniff   | radsniff daemon
  redis_ntlm_cache   | Redis for the NTLM cache
  redis_queue| Redis for pfqueue
  snmptrapd  | SNMP trap receiver daemon
 tc | Traffic shaping service
  tracking-config| Tracking configuration change
  winbindd   | Winbind daemon

Next, when upgrading node C 
(https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_full_upgrade_for_packetfence_versions_11_1_0_and_later)
 , I have:

/usr/local/pf/addons/upgrade/do-upgrade.sh
=
Installing or upgrading the upgrade tools for PacketFence
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
packetfence-upgrade is already the newest version 
(11.2.0+20230215141130+779155622+0011+maintenance~11.2+bullseye1).
0 upgraded, 0 newly installed, 0 to remove and 180 not upgraded.
=
Starting upgrade process
=
Attempting to disable the monit service so it doesn't interfere with the upgrade
Synchronizing state of monit.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable monit
Attempting to stop the monit service so it doesn't interfere with the upgrade
-
Stopping the PacketFence services
.

=
Updating /usr/local/pf/addons/backup-and-maintenance.sh from Github
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100 10594  100 105940 0  50688  0 --:--:-- --:--:-- --:--:-- 50688

Re: [PacketFence-users] Regenerate a new self-signed certificate or update your current certificate.

2023-03-14 Thread P.Thirunavukkarasu via PacketFence-users 
Thanks, Team.
No success in that
The O/P given below for your reference





*root@packetfence:~# cd /usr/local/pfroot@packetfence:/usr/local/pf# make
conf/ssl/server.crtmake: Circular conf/ssl/server.crt <-
conf/ssl/server.crt dependency dropped.make: 'conf/ssl/server.crt' is up to
date.root@packetfence:/usr/local/pf#*

Thanks and regards
Thirunavukkarasu
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] change HTTPs cert; chain invalid

2023-03-14 Thread Mudrich, J. via PacketFence-users 
Hello Ludovic,

thanks for the hint. It works. So adding my CA to the ca-certificates wasn’t 
necessary?

Kind regards
Johannes




Johannes Mudrich
Mitarbeiter
IT

Altmark-Klinikum gGmbH
Ernst-von-Bergmann-Straße 22
39638 Gardelegen

Tel.:03907 791229
Fax.:03907 791248
Mail:j.mudr...@altmark-klinikum.de
Von: Zammit, Ludovic [mailto:luza...@akamai.com]
Gesendet: Montag, 13. März 2023 16:35
An: Mudrich, J. 
Cc: PacketFence-users 
Betreff: Re: [PacketFence-users] change HTTPs cert; chain invalid

Hello Johannes,

Turn off the intermediates fetch automatically and add your own ca manually.

PF can’t reach the intermediates so it fails.

Thanks,


Ludovic Zammit
Product Support Engineer Principal Lead

[https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png]


Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


Connect with Us:

[https://www.akamai.com/us/en/multimedia/images/custom/community.jpg][https://www.akamai.com/us/en/multimedia/images/custom/rss.png][https://www.akamai.com/us/en/multimedia/images/custom/twitter.png][https://www.akamai.com/us/en/multimedia/images/custom/fb.png][https://www.akamai.com/us/en/multimedia/images/custom/in.png][https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]



On Mar 10, 2023, at 2:32 AM, Mudrich, J. 
mailto:j.mudr...@altmark-klinikum.de>> wrote:

Hello Ludovic,

yes, I am using an internal PKI. I even verified the chain with openssl:

root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile 
/etc/ssl/certs/akgaca.ak.local.pem server.crt
server.crt: OK
root@akgapf:/usr/local/pf/conf/ssl# openssl verify -CAfile 
/etc/ssl/certs/akgaca.ak.local.pem server.pem
server.pem: OK

PF gives me the following error message:

Failed verifying chain: error stdin: verification failed . Unable to fetch all 
the intermediates through the information contained in the certificate. You 
will have to upload the intermediate chain manually in x509 (Apache) format.
config/certificate/http

There are no intermediates!

you’ll find the chain attached.

Kind regards
Johannes






Johannes Mudrich
Mitarbeiter
IT

Altmark-Klinikum gGmbH
Ernst-von-Bergmann-Straße 22
39638 Gardelegen
Tel.:

 03907 791229

Fax.:

 03907 791248

Mail:

 j.mudr...@altmark-klinikum.de

Von: Zammit, Ludovic [mailto:luza...@akamai.com]
Gesendet: Donnerstag, 9. März 2023 21:07
An: PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
Cc: Mudrich, J. 
mailto:j.mudr...@altmark-klinikum.de>>
Betreff: Re: [PacketFence-users] change HTTPs cert; chain invalid

Hello Johannes,

I’m assuming you are issuing a certificate from your internal PKI right ?

Can you show me the chain and the error that you have currently ?

Thanks,



Ludovic Zammit
Product Support Engineer Principal Lead

[https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png]


Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


Connect with Us:

[https://www.akamai.com/us/en/multimedia/images/custom/community.jpg][https://www.akamai.com/us/en/multimedia/images/custom/rss.png][https://www.akamai.com/us/en/multimedia/images/custom/twitter.png][https://www.akamai.com/us/en/multimedia/images/custom/fb.png][https://www.akamai.com/us/en/multimedia/images/custom/in.png][https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]




On Mar 9, 2023, at 3:01 AM, Mudrich, J. via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hi,

I would like to change the existing HTTPs cert. So I created one in my own CA. 
Added the cert and key into Configuration -> System Configuration -> SSL 
Certificates.
Then I added my CA root cert to /usr/local/share/ca-certificates and ran 
update-ca-certificates. It’s now present in /etc/ssl/certs.

But PF still says “Chain is invalid”. Do I need to add the root cert somewhere 
else?

Thanks