date:20231031

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

2023-10-31 Thread Fabrice Durand via PacketFence-users

so you can try with the Cisco::Cisco_IOS_15_0 switch module and do 802.1x

Le mar. 31 oct. 2023 à 15:31, Akram Abdallah  a
écrit :

> It supports 802.1x without mab
>
> On Tue, 31 Oct 2023, 8:01 pm Fabrice Durand,  wrote:
>
>> does it support radius mab/802.1x ?
>>
>> Le mar. 31 oct. 2023 à 13:22, Akram Abdallah via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> a écrit :
>>
>>> Is the Cisco CBS 220 switch compatible with Packetfence ?
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

2023-10-31 Thread Akram Abdallah via PacketFence-users

It supports 802.1x without mab

On Tue, 31 Oct 2023, 8:01 pm Fabrice Durand,  wrote:

> does it support radius mab/802.1x ?
>
> Le mar. 31 oct. 2023 à 13:22, Akram Abdallah via PacketFence-users <
> packetfence-users@lists.sourceforge.net> a écrit :
>
>> Is the Cisco CBS 220 switch compatible with Packetfence ?
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Corey Keeling (Shared Services - Staff) via PacketFence-users

That does sound good and maybe later a more advanced option where we can do 
custom queries against users and devices.


Corey Keeling | Senior IT Technician



All support requests to

Parkside: itserviced...@parksidecc.org.uk

Coleridge: itserviced...@coleridgecc.org.uk

Trumpington: itserviced...@trumpingtoncc.org.uk

CAST: itserviced...@cambridgeast.org.uk

Galfrid: itserviced...@thegalfridschool.org.uk

Shared Services: sharedserv...@coleridgecc.org.uk


[Image]







From: Fabrice Durand 
Sent: Tuesday, October 31, 2023 6:25:24 PM
To: Corey Keeling (Shared Services - Staff) 
Cc: packetfence-users@lists.sourceforge.net 

Subject: Re: [PacketFence-users] Query AzureAD Device Groups

You don't often get email from oeufd...@gmail.com. Learn why this is 
important
Caution: This is an external email and may be malicious. Please take care when 
clicking links or opening attachments.


it could be something simple like allowing the graph api url change in the 
admin gui.
Then you will choose between device check and user check.



Le mar. 31 oct. 2023 à 14:17, Corey Keeling (Shared Services - Staff) 
mailto:corey.keel...@parksidecc.org.uk>> a 
écrit :
>From looking at that file you linked me to the %username in my case is the 
>AzureAD deviceID of the machine as that’s what I have set the certificate 
>subject too. CN={{DeviceID}}.

That graph search is looking under users, so it won’t return any groups for my 
device. It would just error out.

I imagine I could change that graph query in that file to one that searches 
groups instead but would need to test.

Is there any planned support for device lookup?


Corey Keeling | Senior IT Technician



All support requests to

Parkside: 
itserviced...@parksidecc.org.uk

Coleridge: 
itserviced...@coleridgecc.org.uk

Trumpington: 
itserviced...@trumpingtoncc.org.uk

CAST: 
itserviced...@cambridgeast.org.uk

Galfrid: 
itserviced...@thegalfridschool.org.uk

Shared Services: 
sharedserv...@coleridgecc.org.uk


[Image]







From: Fabrice Durand mailto:oeufd...@gmail.com>>
Sent: Tuesday, October 31, 2023 6:06:11 PM
To: 
packetfence-users@lists.sourceforge.net
 
mailto:packetfence-users@lists.sourceforge.net>>
Cc: Corey Keeling (Shared Services - Staff) 
mailto:corey.keel...@parksidecc.org.uk>>
Subject: Re: [PacketFence-users] Query AzureAD Device Groups

You don't often get email from oeufd...@gmail.com. 
Learn why this is important
Caution: This is an external email and may be malicious. Please take care when 
clicking links or opening attachments.


If i am not wrong the Azure AD test the user and not the machine
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28

Regards
Fabrice


Le mar. 31 oct. 2023 à 13:23, Corey Keeling (Shared Services - Staff) via 
PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 a écrit :
Dear community,

I have been setting up and testing out PacketFence for a number of weeks now 
and have it setup so that users can authenticate to our BYOD network using 
EAP-TLS. I also have it sort of setup to allow school azureAD devices to 
connect to our curriculum network using machine certificates. The second part 
only works if I don't set any conditions under my AzureAD authentication 
sources.

I have tried to set a condition for membership of a AzureAD group using the 
memberof option either with the Object ID of the group or it's display name, 
but it doesn't seem to work. No role gets assigned so it fails to connect. 
There doesn't even seem to be any audit log of PacketFence trying to query a 
group on the app registration end.


I know I can query the graph API via graph explorer and can find the groups my 
machine belongs too, but can PacketFence do something similar and if so, how?

The query that I used.

https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf

Regards


Corey Keeling | Senior IT Technician

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Fabrice Durand via PacketFence-users

it could be something simple like allowing the graph api url change in the
admin gui.
Then you will choose between device check and user check.



Le mar. 31 oct. 2023 à 14:17, Corey Keeling (Shared Services - Staff) <
corey.keel...@parksidecc.org.uk> a écrit :

> From looking at that file you linked me to the %username in my case is the
> AzureAD deviceID of the machine as that’s what I have set the certificate
> subject too. CN={{DeviceID}}.
>
> That graph search is looking under users, so it won’t return any groups
> for my device. It would just error out.
>
> I imagine I could change that graph query in that file to one that
> searches groups instead but would need to test.
>
> Is there any planned support for device lookup?
>
> *Corey Keeling *| *Senior IT Technician*
>
>
>
> *All support requests to*
>
> Parkside: itserviced...@parksidecc.org.uk
>
> Coleridge: itserviced...@coleridgecc.org.uk
>
> Trumpington: itserviced...@trumpingtoncc.org.uk
>
> CAST: itserviced...@cambridgeast.org.uk
>
> Galfrid: itserviced...@thegalfridschool.org.uk
>
> Shared Services: sharedserv...@coleridgecc.org.uk
>
>
> [image: Image]
>
>
>
>
>
> --
> *From:* Fabrice Durand 
> *Sent:* Tuesday, October 31, 2023 6:06:11 PM
> *To:* packetfence-users@lists.sourceforge.net <
> packetfence-users@lists.sourceforge.net>
> *Cc:* Corey Keeling (Shared Services - Staff) <
> corey.keel...@parksidecc.org.uk>
> *Subject:* Re: [PacketFence-users] Query AzureAD Device Groups
>
> You don't often get email from oeufd...@gmail.com. Learn why this is
> important 
> Caution: This is an external email and may be malicious. Please take care
> when clicking links or opening attachments.
>
>
> If i am not wrong the Azure AD test the user and not the machine
>
> https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28
>
> Regards
> Fabrice
>
>
> Le mar. 31 oct. 2023 à 13:23, Corey Keeling (Shared Services - Staff) via
> PacketFence-users  a écrit :
>
> Dear community,
>
> I have been setting up and testing out PacketFence for a number of weeks
> now and have it setup so that users can authenticate to our BYOD network
> using EAP-TLS. I also have it sort of setup to allow school azureAD devices
> to connect to our curriculum network using machine certificates. The second
> part only works if I don't set any conditions under my AzureAD
> authentication sources.
>
> I have tried to set a condition for membership of a AzureAD group using
> the memberof option either with the Object ID of the group or it's display
> name, but it doesn't seem to work. No role gets assigned so it fails to
> connect. There doesn't even seem to be any audit log of PacketFence trying
> to query a group on the app registration end.
>
>
> I know I can query the graph API via graph explorer and can find the
> groups my machine belongs too, but can PacketFence do something similar and
> if so, how?
>
> The query that I used.
>
> https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf
> 
>
> Regards
>
> *Corey Keeling *| *Senior IT Technician*
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

2023-10-31 Thread Fabrice Durand via PacketFence-users

So use this one then, it doesn't contain any references of
packetfence-set-tenant-id

https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/packetfence.example


Le mar. 31 oct. 2023 à 13:23, Hubert Kupper via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hello,
>
>
> I did this and the result was the following:
>
> Oct 31 07:48:25 packetfence freeradius[14439]:
> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Failed to find
> "packetfence-set-tenant-id" as a module or policy.
> Oct 31 07:48:25 packetfence freeradius[14439]:
> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that the
> configuration exists in
> /usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
> Oct 31 07:48:25 packetfence freeradius[14439]:
> /usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing authorize
> section.
> Oct 31 07:48:25 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Control process exited, code=exited, status=1/FAILURE
> Oct 31 07:48:25 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Failed with result 'exit-code'.
> Oct 31 07:48:25 packe
>
>
> Regards
>
> Hubert
>
> Am 30.10.23 um 14:51 schrieb Fabrice Durand via PacketFence-users:
>
> Hello,
>
> it looks that the packetfence radius config didn't applied correctly.
>
> Go in /usr/local/pf/conf/radiusd/ and copy packetfence.example to
> packetfence and restart radiusd
>
> Regards
> Fabrice
>
>
> Le lun. 23 oct. 2023 à 07:59, Hubert Kupper via PacketFence-users <
> packetfence-users@lists.sourceforge.net> a écrit :
>
>> Hi,
>>
>>
>> after upgrade packetfence 12.0 to 13.0 the radiusd-auth is not starting.
>> Syslog shows the following message:
>>
>> root@packetfence:/var/log# tail syslog
>> Oct 16 12:02:52 packetfence freeradius[16268]:
>> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that
>> the configuration exists in
>> /usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
>> Oct 16 12:02:52 packetfence freeradius[16268]:
>> /usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing
>> authorize section.
>> Oct 16 12:02:52 packetfence systemd[1]:
>> packetfence-radiusd-auth.service: Control process exited, code=exited,
>> status=1/FAILURE
>> Oct 16 12:02:52 packetfence systemd[1]:
>> packetfence-radiusd-auth.service: Failed with result 'exit-code'.
>> Oct 16 12:02:52 packetfence systemd[1]: Failed to start PacketFence
>> FreeRADIUS authentication multi-protocol authentication server.
>> Oct 16 12:02:52 packetfence systemd[1]:
>> packetfence-radiusd-auth.service: Consumed 3.891s CPU time.
>> Oct 16 12:02:52 packetfence systemd[1]:
>> packetfence-radiusd-auth.service: Scheduled restart job, restart counter
>> is at 98.
>> Oct 16 12:02:52 packetfence systemd[1]: Stopped PacketFence FreeRADIUS
>> authentication multi-protocol authentication server.
>> Oct 16 12:02:52 packetfence systemd[1]:
>> packetfence-radiusd-auth.service: Consumed 3.891s CPU time.
>> Oct 16 12:02:52 packetfence systemd[1]: Starting PacketFence FreeRADIUS
>> authentication multi-protocol authentication server...
>> root@packetfence:/var/log#
>>
>> In 12.0 all works fine.
>>
>> Regards, Hubert
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Corey Keeling (Shared Services - Staff) via PacketFence-users

>From looking at that file you linked me to the %username in my case is the 
>AzureAD deviceID of the machine as that’s what I have set the certificate 
>subject too. CN={{DeviceID}}.

That graph search is looking under users, so it won’t return any groups for my 
device. It would just error out.

I imagine I could change that graph query in that file to one that searches 
groups instead but would need to test.

Is there any planned support for device lookup?


Corey Keeling | Senior IT Technician



All support requests to

Parkside: itserviced...@parksidecc.org.uk

Coleridge: itserviced...@coleridgecc.org.uk

Trumpington: itserviced...@trumpingtoncc.org.uk

CAST: itserviced...@cambridgeast.org.uk

Galfrid: itserviced...@thegalfridschool.org.uk

Shared Services: sharedserv...@coleridgecc.org.uk


[Image]







From: Fabrice Durand 
Sent: Tuesday, October 31, 2023 6:06:11 PM
To: packetfence-users@lists.sourceforge.net 

Cc: Corey Keeling (Shared Services - Staff) 
Subject: Re: [PacketFence-users] Query AzureAD Device Groups

You don't often get email from oeufd...@gmail.com. Learn why this is 
important
Caution: This is an external email and may be malicious. Please take care when 
clicking links or opening attachments.


If i am not wrong the Azure AD test the user and not the machine
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28

Regards
Fabrice


Le mar. 31 oct. 2023 à 13:23, Corey Keeling (Shared Services - Staff) via 
PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 a écrit :
Dear community,

I have been setting up and testing out PacketFence for a number of weeks now 
and have it setup so that users can authenticate to our BYOD network using 
EAP-TLS. I also have it sort of setup to allow school azureAD devices to 
connect to our curriculum network using machine certificates. The second part 
only works if I don't set any conditions under my AzureAD authentication 
sources.

I have tried to set a condition for membership of a AzureAD group using the 
memberof option either with the Object ID of the group or it's display name, 
but it doesn't seem to work. No role gets assigned so it fails to connect. 
There doesn't even seem to be any audit log of PacketFence trying to query a 
group on the app registration end.


I know I can query the graph API via graph explorer and can find the groups my 
machine belongs too, but can PacketFence do something similar and if so, how?

The query that I used.

https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf

Regards


Corey Keeling | Senior IT Technician

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

2023-10-31 Thread Fabrice Durand via PacketFence-users

does it support radius mab/802.1x ?

Le mar. 31 oct. 2023 à 13:22, Akram Abdallah via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Is the Cisco CBS 220 switch compatible with Packetfence ?
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to change the host name in PF?

2023-10-31 Thread Fabrice Durand via PacketFence-users

https://mgmt_ip:1443/admin#/configuration/general

and hostnamectl set-hostname server1

Regards
Fabrice


Le mar. 31 oct. 2023 à 13:23, Thirunavukkarasu Palanisamy via
PacketFence-users  a écrit :

> Hi Team,
> Greetings of the day
> I tried to change the hostname of the PF in web-admin.
> Even after the change the hostname is shown as 'packetfence"
> How to change it?
> Thanks & Regards,
> Thirunavukkarasu
>
>
>
> *-*
> *TANUVAS*
> *The contents of this message are confidential and are not be shared with
> outside parties without prior permission*
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Fabrice Durand via PacketFence-users

If i am not wrong the Azure AD test the user and not the machine
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28

Regards
Fabrice


Le mar. 31 oct. 2023 à 13:23, Corey Keeling (Shared Services - Staff) via
PacketFence-users  a écrit :

> Dear community,
>
> I have been setting up and testing out PacketFence for a number of weeks
> now and have it setup so that users can authenticate to our BYOD network
> using EAP-TLS. I also have it sort of setup to allow school azureAD devices
> to connect to our curriculum network using machine certificates. The second
> part only works if I don't set any conditions under my AzureAD
> authentication sources.
>
> I have tried to set a condition for membership of a AzureAD group using
> the memberof option either with the Object ID of the group or it's display
> name, but it doesn't seem to work. No role gets assigned so it fails to
> connect. There doesn't even seem to be any audit log of PacketFence trying
> to query a group on the app registration end.
>
>
> I know I can query the graph API via graph explorer and can find the
> groups my machine belongs too, but can PacketFence do something similar and
> if so, how?
>
> The query that I used.
>
> https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf
> 
>
> Regards
>
> *Corey Keeling *| *Senior IT Technician*
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] How to change the host name in PF?

2023-10-31 Thread Thirunavukkarasu Palanisamy via PacketFence-users

Hi Team,
Greetings of the day
I tried to change the hostname of the PF in web-admin.
Even after the change the hostname is shown as 'packetfence"
How to change it?
Thanks & Regards,
Thirunavukkarasu

-- 
_-_
*_TANUVAS_*
*The contents of this message are confidential and are not be 
shared with outside parties without prior permission*
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] No internet in the Registration vlan

2023-10-31 Thread Fabrice Durand via PacketFence-users

Hello,

it's normal that you don't have internet access fron the registration vlan,
the goal is to hit the captive portal.

Regards
Fabrice


Le lun. 30 oct. 2023 à 06:56, Thirunavukkarasu Palanisamy via
PacketFence-users  a écrit :

> Hi Team,
> Plz go thro the configuration
> Registration vlan 2
> Isolation vlan 3
>
> There is no internet in the registration vlan
>
>
>
>
>
>
>
>
>
>
>
>
> *root@packetfence:~# routeKernel IP routing tableDestination Gateway
>   Genmask Flags Metric RefUse Ifacedefault
> 172.16.10.2 0.0.0.0 UG0  00 eth0100.64.0.0
>  0.0.0.0 255.255.255.0   U 0  00 docker0link-local
>  0.0.0.0 255.255.255.252 U 0  00
> TANUVASAD-b172.16.2.0  0.0.0.0 255.255.255.0   U 0  0
>  0 eth1.2172.16.3.0  0.0.0.0 255.255.255.0   U 0  0
>0 eth1.3172.16.10.0 0.0.0.0 255.255.255.0   U 0
>  00 eth0172.16.11.0 0.0.0.0 255.255.255.0   U 0
>  00 eth1172.16.30.0 0.0.0.0 255.255.255.0   U 0
>  00 eth1.30*
>
>
>
>
>
>
>
>
>
> *root@packetfence:~# ip route showdefault via 172.16.10.2 dev eth0
> onlink100.64.0.0/24  dev docker0 proto kernel scope
> link src 100.64.0.1169.254.0.0/30  dev TANUVASAD-b
> proto kernel scope link src 169.254.0.2172.16.2.0/24 
> dev eth1.2 proto kernel scope link src 172.16.2.1172.16.3.0/24
>  dev eth1.3 proto kernel scope link src
> 172.16.3.1172.16.10.0/24  dev eth0 proto kernel
> scope link src 172.16.10.103172.16.11.0/24  dev eth1
> proto kernel scope link src 172.16.11.10172.16.30.0/24
>  dev eth1.30 proto kernel scope link src 172.16.30.2*
>
> IP assigned by the PF DHCP to the clients in the registration vlan.
> any help would be greatly appreciated
> --
> Thanks & Regards,
> Thirunavukkarasu
>
>
>
> *-*
> *TANUVAS*
> *The contents of this message are confidential and are not be shared with
> outside parties without prior permission*
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

2023-10-31 Thread Hubert Kupper via PacketFence-users


Hello,


I did this and the result was the following:

Oct 31 07:48:25 packetfence freeradius[14439]: 
/usr/local/pf/raddb/sites-enabled/packetfence[31]: Failed to find 
"packetfence-set-tenant-id" as a module or policy.
Oct 31 07:48:25 packetfence freeradius[14439]: 
/usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that 
the configuration exists in 
/usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
Oct 31 07:48:25 packetfence freeradius[14439]: 
/usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing 
authorize section.
Oct 31 07:48:25 packetfence systemd[1]: 
packetfence-radiusd-auth.service: Control process exited, code=exited, 
status=1/FAILURE
Oct 31 07:48:25 packetfence systemd[1]: 
packetfence-radiusd-auth.service: Failed with result 'exit-code'.

Oct 31 07:48:25 packe


Regards

Hubert


Am 30.10.23 um 14:51 schrieb Fabrice Durand via PacketFence-users:

Hello,

it looks that the packetfence radius config didn't applied correctly.

Go in /usr/local/pf/conf/radiusd/ and copy packetfence.example to 
packetfence and restart radiusd


Regards
Fabrice


Le lun. 23 oct. 2023 à 07:59, Hubert Kupper via PacketFence-users 
 a écrit :


Hi,


after upgrade packetfence 12.0 to 13.0 the radiusd-auth is not
starting.
Syslog shows the following message:

root@packetfence:/var/log# tail syslog
Oct 16 12:02:52 packetfence freeradius[16268]:
/usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that
the configuration exists in
/usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
Oct 16 12:02:52 packetfence freeradius[16268]:
/usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing
authorize section.
Oct 16 12:02:52 packetfence systemd[1]:
packetfence-radiusd-auth.service: Control process exited,
code=exited,
status=1/FAILURE
Oct 16 12:02:52 packetfence systemd[1]:
packetfence-radiusd-auth.service: Failed with result 'exit-code'.
Oct 16 12:02:52 packetfence systemd[1]: Failed to start PacketFence
FreeRADIUS authentication multi-protocol authentication server.
Oct 16 12:02:52 packetfence systemd[1]:
packetfence-radiusd-auth.service: Consumed 3.891s CPU time.
Oct 16 12:02:52 packetfence systemd[1]:
packetfence-radiusd-auth.service: Scheduled restart job, restart
counter
is at 98.
Oct 16 12:02:52 packetfence systemd[1]: Stopped PacketFence
FreeRADIUS
authentication multi-protocol authentication server.
Oct 16 12:02:52 packetfence systemd[1]:
packetfence-radiusd-auth.service: Consumed 3.891s CPU time.
Oct 16 12:02:52 packetfence systemd[1]: Starting PacketFence
FreeRADIUS
authentication multi-protocol authentication server...
root@packetfence:/var/log#

In 12.0 all works fine.

Regards, Hubert

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

smime.p7s
Description: Kryptografische S/MIME-Signatur
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Cisco CBS220 on PF

2023-10-31 Thread Khaled Hussein via PacketFence-users

Hi,

I purchased new cisco switch CBS220, and I have packetfence version 10.2,
I am  trying to add the switch but it seems it did not work, does this
switch supported and if yes how can I configure it

Thanks & Regards,



* Khaled Hussein*

*Systems Engineer Team Lead*



 kha...@bisan.com



* T *+970 2 298 5941 *Ext 202 | F* +970 2298 5942 *| M *+970 599 869 495



 www.bisan.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Corey Keeling (Shared Services - Staff) via PacketFence-users

Dear community,

I have been setting up and testing out PacketFence for a number of weeks now 
and have it setup so that users can authenticate to our BYOD network using 
EAP-TLS. I also have it sort of setup to allow school azureAD devices to 
connect to our curriculum network using machine certificates. The second part 
only works if I don't set any conditions under my AzureAD authentication 
sources.

I have tried to set a condition for membership of a AzureAD group using the 
memberof option either with the Object ID of the group or it's display name, 
but it doesn't seem to work. No role gets assigned so it fails to connect. 
There doesn't even seem to be any audit log of PacketFence trying to query a 
group on the app registration end.


I know I can query the graph API via graph explorer and can find the groups my 
machine belongs too, but can PacketFence do something similar and if so, how?

The query that I used.

https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf

Regards


Corey Keeling | Senior IT Technician
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Corey Keeling (Shared Services - Staff) via PacketFence-users

Dear community,

I have been setting up and testing out PacketFence for a number of weeks now 
and have it setup so that users can authenticate to our BYOD network using 
EAP-TLS. I also have it sort of setup to allow school azureAD devices to 
connect to our curriculum network using machine certificates. The second part 
only works if I don't set any conditions under my AzureAD authentication 
sources.

I have tried to set a condition for membership of a AzureAD group using the 
memberof option either with the Object ID of the group or it's display name, 
but it doesn't seem to work. No role gets assigned so it fails to connect. 
There doesn't even seem to be any audit log of PacketFence trying to query a 
group on the app registration end.


I know I can query the graph API via graph explorer and can find the groups my 
machine belongs too, but can PacketFence do something similar and if so, how?

The query that I used.

https://graph.microsoft.com/v1.0//devices(deviceId='{deviceid}')/memberOf

Regards



Corey Keeling | Senior IT Technician




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Cisco CBS 220 switch with packetfence

2023-10-31 Thread Akram Abdallah via PacketFence-users

Is the Cisco CBS 220 switch compatible with Packetfence ?
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

Re: [PacketFence-users] Query AzureAD Device Groups

Re: [PacketFence-users] Query AzureAD Device Groups

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

Re: [PacketFence-users] Query AzureAD Device Groups

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

Re: [PacketFence-users] How to change the host name in PF?

Re: [PacketFence-users] Query AzureAD Device Groups

[PacketFence-users] How to change the host name in PF?

Re: [PacketFence-users] No internet in the Registration vlan

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

[PacketFence-users] Cisco CBS220 on PF

[PacketFence-users] Query AzureAD Device Groups

[PacketFence-users] Query AzureAD Device Groups

[PacketFence-users] Cisco CBS 220 switch with packetfence

16 matches

Site Navigation

Mail list logo

Footer information