Re: [PacketFence-users] (no subject)

2023-05-09 Thread Fabrice Durand via PacketFence-users
Hello,

What you can do is just set -1 in the registration role (switch config);
then unregistered devices will be rejected.

Regards
Fabrice


On Tue, 9 May 2023 at 08:27, Mhmt U via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi All,
>
>
>
> I am trying to configure PacketFence so that non-authenticated users are not
> allowed in policies. I couldn't find a clear way to do it. Could you please share
> with me the right document for it?
>
> For example, if a user/PC can't authenticate from Active Directory, the switch
> shouldn't allow the PC. Or if MAB doesn't authenticate the PC, the switch
> should block the port.
>
> Environment: PacketFence with RADIUS, Huawei switch 5700 series
>
>
>
> Kindly,
>
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
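
A quick way to check which switches actually apply the setting from the reply above, as an added example that is not part of the original message or PacketFence's own code: it reads a switches.conf in the layout quoted elsewhere in this thread and reports what unregistered devices get. The sample file, the reading of "registration role" as the `registrationVlan` key, the `group=` inheritance and the `VlanMap=Y` requirement are assumptions for illustration.

```python
import configparser

# Constructed sample in the switches.conf layout quoted in this thread.
SAMPLE = """\
[default]
VlanMap=N
registrationVlan=20

[192.168.1.10]
group=default
VlanMap=Y
registrationVlan=20

[192.168.1.11]
group=default
VlanMap=Y
registrationVlan=-1

[192.168.1.12]
group=default
"""

def effective(cfg, name):
    """Merge a switch section over the section named by its group= key (assumed inheritance)."""
    own = dict(cfg[name])
    parent = own.get("group", "default")
    merged = dict(cfg[parent]) if parent != name and cfg.has_section(parent) else {}
    merged.update(own)
    return merged

def unregistered_policy(settings):
    """Return 'reject', 'vlan:<id>' or 'unmapped' for devices in the registration role."""
    # Assumption: the VLAN mapping is only applied when VlanMap=Y.
    if settings.get("VlanMap", "N").strip().upper() != "Y":
        return "unmapped"
    vlan = settings.get("registrationVlan", "").strip()
    if vlan == "-1":          # -1 in the registration role: unregistered devices are rejected
        return "reject"
    return f"vlan:{vlan}" if vlan else "unmapped"

def audit(text):
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str     # keep key case (VlanMap, registrationVlan)
    cfg.read_string(text)
    return {s: unregistered_policy(effective(cfg, s))
            for s in cfg.sections() if s != "default"}

if __name__ == "__main__":
    for switch, policy in audit(SAMPLE).items():
        print(f"{switch}: unregistered devices -> {policy}")
```
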


Re: [PacketFence-users] Captive Portal and DACLs problems on version 12.2 (Aruba 2930M)

2023-05-09 Thread Fabrice Durand via PacketFence-users
Hello Yassine,

I backported a fix for that on 12.2; the new package should be available
tomorrow.

Regards
Fabrice


On Tue, 9 May 2023 at 08:28, TISSIR, Yassine via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Still stuck on the same problem
> Any suggestion would be really appreciated
>
> On Mon, 3 Apr 2023 at 23:20, TISSIR, Yassine <56...@etu.he2b.be> wrote:
>
>> Hello everyone,
>> I'm currently testing packetfence for my company. I started with version
>> 11.2 but I decided to upgrade to 12.2 because of an issue that I think
>> prevented getting the captive portal to work in vlan enforcement mode (A
>> guest computer placed in the registration VLAN was redirected to
>> "packetfence.domain/captive-portal" that points to  66.70.255.147 but the
>> page was loading indefinitely). The problem is that after the update I have
>> the following error when trying to save ACLs for registration VLAN:
>>
>>  "AccessListMapping.0.accesslist: WARNING: Syntax error in
>> ACL:packetfence, near: >in<.
>> "config/switch/192.168.1.10"
>>
>> I also had an AD authentication source for the domain computers that
>> worked fine before the update, but stopped working now (Audit tab shows
>> successful authentications, but the computers don't get internet access
>> anymore).
>>
>> Here is my switches.conf :
>>
>> [default]
>> description=aruba sw
>> VlanMap=N
>> ExternalPortalEnforcement=Y
>> deauthOnPrevious=N
>> [192.168.1.10]
>> group=default
>> description=ARUBA 2930
>> wsPwd=xx
>> wsUser=xx
>> SNMPPrivProtocolWrite=md5
>> SNMPPrivProtocolRead=md5
>> SNMPAuthProtocolRead=md5
>> SNMPAuthProtocolWrite=md5
>> SNMPUserNameWrite=xx
>> SNMPVersion=3
>> SNMPUserNameRead=xx
>> SNMPAuthPasswordWrite=xx
>> SNMPAuthPasswordRead=xx
>> SNMPPrivPasswordRead=xx
>> SNMPPrivPasswordWrite=xx
>> SNMPEngineID=xx
>> SNMPPrivProtocolTrap=AES
>> SNMPUserNameTrap=xx
>> SNMPAuthProtocolTrap=md5
>> SNMPVersionTrap=3
>> SNMPAuthPasswordTrap=xx
>> SNMPPrivPasswordTrap=xx
>> guestVlan=10
>> defaultVlan=10
>> registrationVlan=20
>> type=Aruba::2930M
>> radiusSecret=xx
>> VlanMap=Y
>> coaPort=3799
>> isolationVlan=99
>> UserVlan=10
>> macDetectionVlan=20
>> ExternalPortalEnforcement=N
>> registrationUrl=http://192.168.1.4/Aruba::2930M
>> UrlMap=Y
>> AccessListMap=Y
>>
>>
>> The ACLs that I try to save are the ones from the Network Devices
>> Configuration Guide for Aruba 2930 switch:
>>
>> permit in tcp from any to 192.168.1.4 80
>> permit in tcp from any to 192.168.1.4 443
>> deny in tcp from any to any 80 cpy
>> deny in tcp from any to any 443 cpy
>> permit in udp from any to any 53
>> permit in udp from any to any 67
>>
>> Any help would be really appreciated
>>
>>
>>


[PacketFence-users] (no subject)

2023-05-09 Thread Mhmt U via PacketFence-users
Hi All,

I am trying to configure PacketFence so that non-authenticated users are not allowed in policies. I couldn't find a clear way to do it. Could you please share with me the right document for it?

For example, if a user/PC can't authenticate from Active Directory, the switch shouldn't allow the PC. Or if MAB doesn't authenticate the PC, the switch should block the port.

Environment: PacketFence with RADIUS, Huawei switch 5700 series

Kindly,



Re: [PacketFence-users] Captive Portal and DACLs problems on version 12.2 (Aruba 2930M)

2023-05-09 Thread TISSIR, Yassine via PacketFence-users
Still stuck on the same problem
Any suggestion would be really appreciated

On Mon, 3 Apr 2023 at 23:20, TISSIR, Yassine <56...@etu.he2b.be> wrote:

> Hello everyone,
> I'm currently testing packetfence for my company. I started with version
> 11.2 but I decided to upgrade to 12.2 because of an issue that I think
> prevented getting the captive portal to work in vlan enforcement mode (A
> guest computer placed in the registration VLAN was redirected to
> "packetfence.domain/captive-portal" that points to  66.70.255.147 but the
> page was loading indefinitely). The problem is that after the update I have
> the following error when trying to save ACLs for registration VLAN:
>
>  "AccessListMapping.0.accesslist: WARNING: Syntax error in
> ACL:packetfence, near: >in<.
> "config/switch/192.168.1.10"
>
> I also had an AD authentication source for the domain computers that
> worked fine before the update, but stopped working now (Audit tab shows
> successful authentications, but the computers don't get internet access
> anymore).
>
> Here is my switches.conf :
>
> [default]
> description=aruba sw
> VlanMap=N
> ExternalPortalEnforcement=Y
> deauthOnPrevious=N
> [192.168.1.10]
> group=default
> description=ARUBA 2930
> wsPwd=xx
> wsUser=xx
> SNMPPrivProtocolWrite=md5
> SNMPPrivProtocolRead=md5
> SNMPAuthProtocolRead=md5
> SNMPAuthProtocolWrite=md5
> SNMPUserNameWrite=xx
> SNMPVersion=3
> SNMPUserNameRead=xx
> SNMPAuthPasswordWrite=xx
> SNMPAuthPasswordRead=xx
> SNMPPrivPasswordRead=xx
> SNMPPrivPasswordWrite=xx
> SNMPEngineID=xx
> SNMPPrivProtocolTrap=AES
> SNMPUserNameTrap=xx
> SNMPAuthProtocolTrap=md5
> SNMPVersionTrap=3
> SNMPAuthPasswordTrap=xx
> SNMPPrivPasswordTrap=xx
> guestVlan=10
> defaultVlan=10
> registrationVlan=20
> type=Aruba::2930M
> radiusSecret=xx
> VlanMap=Y
> coaPort=3799
> isolationVlan=99
> UserVlan=10
> macDetectionVlan=20
> ExternalPortalEnforcement=N
> registrationUrl=http://192.168.1.4/Aruba::2930M
> UrlMap=Y
> AccessListMap=Y
>
>
> The ACLs that I try to save are the ones from the Network Devices
> Configuration Guide for Aruba 2930 switch:
>
> permit in tcp from any to 192.168.1.4 80
> permit in tcp from any to 192.168.1.4 443
> deny in tcp from any to any 80 cpy
> deny in tcp from any to any 443 cpy
> permit in udp from any to any 53
> permit in udp from any to any 67
>
> Any help would be really appreciated
>
>
>


Re: [PacketFence-users] Packetfence like radius server with integrate Active Directory

2023-05-09 Thread Martijn Langendoen via PacketFence-users
Hi Stéphane,

Yes! PF can do the job but… Maybe you are better off with only a pair of Linux
with FreeRADIUS. What you are asking is very simple to set up and PF may be
overkill.

I use the same setup with a pair of Debian Linux with FreeRADIUS for my Cisco
and Juniper switches for admin access, and I use PF only for BYOD and SNMP traps
or 802.1X access for clients.

Good luck!

Martijn Langendoen
network administrator
mlangend...@dezb.nl
0118 654307
www.dezb.nl

Kousteensedijk 7
4331 JE Middelburg
Postbus 8004
4330 EA Middelburg

From: stephane Miguel via PacketFence-users
Sent: 06 May 2023 03:51
To: packetfence-users@lists.sourceforge.net
CC: stephane Miguel
Subject: [PacketFence-users] Packetfence like radius server with integrate
Active Directory

Hello all,

I come to you because I am testing different solutions to implement in my
information system, and my need is to use your PacketFence tool as a RADIUS
mediator.
Can I use PacketFence only to control access to a heterogeneous environment
with 100 Cisco and Aruba switches?

The idea would be to control access for a limited group of admins who will have
to connect to the switches and enter their account (domain username and
password); if it is a user that matches the admin group, they will be directly in
privilege 15.
Other users will be rejected.
If the PacketFence server is off or unreachable, a connection with the
local identifiers and password must be proposed.
In this case, I only wanted this feature, without using the advanced features of
802.1X etc.

Best regards

Stéphane
