[PacketFence-users] R: R: R: R: R: Switch Compatibility

[Alessandro Canella via PacketFence-users]

Still same error

   1 Nov 20 11:15:33 NO authentication: SSH authentication failure [username: 
newuser, IP address = 153.47.30.125]
   2 Nov 20 11:15:33 WA authentication: Invalid Service Type: USER [
   newuser]

I will Check KB later and retry wed afternoon

Regards


Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: venerdì 17 novembre 2017 16.28
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: R: [PacketFence-users] R: R: Switch Compatibility


Hello Alessandro,

retry by removing this line:

$radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by 
PacketFence";

and also try with this line:

$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=14';
cf:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=011559=EN

Regards
Fabrice
Le 2017-11-17 à 04:39, Alessandro Canella a écrit :
Hi,


I've tested with Cisco 2960, same error.

I've found some difference in log:

correct auth credentials
1 Nov 17 10:03:37 NO authentication: SSH authentication failure [username: 
newuser, IP address = 153.47.30.125]
  2 Nov 17 10:03:37 WA authentication: Invalid Service Type: USER [ 
  newuser]


wrong auth credentials
   1 Nov 17 10:04:44 NO authentication: SSH authentication failure [username: 
root, IP address = 153.47.30.125]


I've find another thing : in a conf, switch is still listed as nastype "other" 
corrected, no change. I've checked also for Typo or Uppercase.




Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 13 novembre 2017 14.37
A: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] R: R: Switch Compatibility


Hello Alessandro,

i saw that cisco attributes are also compatible with the Zyxel switches.

So if you choose Cisco_2960 as switch type to make a test.

Regards

Fabrice



Le 2017-11-13 à 07:06, Alessandro Canella a écrit :
Hello All,

I' ve created new switch under PF\ folder.

All seems fine, but no cli login.

Switch Log reports

   1 Nov 13 12:44:23 NO authentication: SSH authentication failure [username: 
newuser, IP address = 153.47.30.125]
   2 Nov 13 12:44:23 WA authentication: Invalid Service Type: USER [
   newuser]

PF GUI Reports


RADIUS Request

User-Name = "newuser"
User-Password = "**"
NAS-IP-Address = 10.206.1.136
NAS-Identifier = "K873MUXSW1"
Event-Timestamp = "Nov 13 2017 11:45:37 UTC"
Stripped-User-Name = "newuser"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.206.1.136
SQL-User-Name = "newuser"

RADIUS Reply

Reply-Message = "Switch enable access granted by PacketFence"
Zyxel-Privilege-AVPair = "shell:priv-lvl=15"


PF LOG respond :

Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Using sources file1 for matching (pf::authentication::match2)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Matched rule (admins) in source file1, returning actions. 
(pf::Authentication::Source::match)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] User newuser logged in 10.206.1.136 with write access 
(pf::Switch::Zyxel::returnAuthorizeWrite)
Nov 13 11:44:21 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: domenica 12 novembre 2017 23.26
A: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: Switch Compatibility

I will try tomorrow.

Don't sure where is file, I will check documentation.


Da: Durand fabrice [mailto:fdur...@inverse.ca]
Inviato: sabato 11 novembre 2017 13.51
A: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] Switch Compatibility


Hello Alessandro,



you will need to edit the switch module and add this:

=item returnAuthorizeWrite
Return radius attributes to allow write access
=cut

sub returnA

[PacketFence-users] R: R: R: R: Switch Compatibility

[Alessandro Canella via PacketFence-users]

Hi,


I've tested with Cisco 2960, same error.

I've found some difference in log:

correct auth credentials
1 Nov 17 10:03:37 NO authentication: SSH authentication failure [username: 
newuser, IP address = 153.47.30.125]
  2 Nov 17 10:03:37 WA authentication: Invalid Service Type: USER [ 
  newuser]


wrong auth credentials
   1 Nov 17 10:04:44 NO authentication: SSH authentication failure [username: 
root, IP address = 153.47.30.125]


I've find another thing : in a conf, switch is still listed as nastype "other" 
corrected, no change. I've checked also for Typo or Uppercase.




Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 13 novembre 2017 14.37
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: [PacketFence-users] R: R: Switch Compatibility


Hello Alessandro,

i saw that cisco attributes are also compatible with the Zyxel switches.

So if you choose Cisco_2960 as switch type to make a test.

Regards

Fabrice



Le 2017-11-13 à 07:06, Alessandro Canella a écrit :
Hello All,

I' ve created new switch under PF\ folder.

All seems fine, but no cli login.

Switch Log reports

   1 Nov 13 12:44:23 NO authentication: SSH authentication failure [username: 
newuser, IP address = 153.47.30.125]
   2 Nov 13 12:44:23 WA authentication: Invalid Service Type: USER [
   newuser]

PF GUI Reports


RADIUS Request

User-Name = "newuser"
User-Password = "**"
NAS-IP-Address = 10.206.1.136
NAS-Identifier = "K873MUXSW1"
Event-Timestamp = "Nov 13 2017 11:45:37 UTC"
Stripped-User-Name = "newuser"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.206.1.136
SQL-User-Name = "newuser"

RADIUS Reply

Reply-Message = "Switch enable access granted by PacketFence"
Zyxel-Privilege-AVPair = "shell:priv-lvl=15"


PF LOG respond :

Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Using sources file1 for matching (pf::authentication::match2)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Matched rule (admins) in source file1, returning actions. 
(pf::Authentication::Source::match)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] User newuser logged in 10.206.1.136 with write access 
(pf::Switch::Zyxel::returnAuthorizeWrite)
Nov 13 11:44:21 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: domenica 12 novembre 2017 23.26
A: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: Switch Compatibility

I will try tomorrow.

Don't sure where is file, I will check documentation.


Da: Durand fabrice [mailto:fdur...@inverse.ca]
Inviato: sabato 11 novembre 2017 13.51
A: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] Switch Compatibility


Hello Alessandro,



you will need to edit the switch module and add this:

=item returnAuthorizeWrite
Return radius attributes to allow write access
=cut

sub returnAuthorizeWrite {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=15';
$radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by 
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} 
with write access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeWrite', $args);
($radius_reply_ref, $status) = 
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];

}

=item returnAuthorizeRead
Return radius attributes to allow read access
=cut

sub returnAuthorizeRead {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=3';
$radius_reply_ref->{'Reply-Message'} = "Switch read access granted by 
Packet

[PacketFence-users] R: R: R: Switch Compatibility

[Alessandro Canella via PacketFence-users]

Hello All,

I' ve created new switch under PF\ folder.

All seems fine, but no cli login.

Switch Log reports

   1 Nov 13 12:44:23 NO authentication: SSH authentication failure [username: 
newuser, IP address = 153.47.30.125]
   2 Nov 13 12:44:23 WA authentication: Invalid Service Type: USER [
   newuser]

PF GUI Reports


RADIUS Request

User-Name = "newuser"
User-Password = "**"
NAS-IP-Address = 10.206.1.136
NAS-Identifier = "K873MUXSW1"
Event-Timestamp = "Nov 13 2017 11:45:37 UTC"
Stripped-User-Name = "newuser"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.206.1.136
SQL-User-Name = "newuser"

RADIUS Reply

Reply-Message = "Switch enable access granted by PacketFence"
Zyxel-Privilege-AVPair = "shell:priv-lvl=15"


PF LOG respond :

Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Using sources file1 for matching (pf::authentication::match2)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Matched rule (admins) in source file1, returning actions. 
(pf::Authentication::Source::match)
Nov 13 11:44:18 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] User newuser logged in 10.206.1.136 with write access 
(pf::Switch::Zyxel::returnAuthorizeWrite)
Nov 13 11:44:21 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2712) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: domenica 12 novembre 2017 23.26
A: Durand fabrice <fdur...@inverse.ca>; packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: Switch Compatibility

I will try tomorrow.

Don't sure where is file, I will check documentation.


Da: Durand fabrice [mailto:fdur...@inverse.ca]
Inviato: sabato 11 novembre 2017 13.51
A: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] Switch Compatibility


Hello Alessandro,



you will need to edit the switch module and add this:

=item returnAuthorizeWrite
Return radius attributes to allow write access
=cut

sub returnAuthorizeWrite {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=15';
$radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by 
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} 
with write access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeWrite', $args);
($radius_reply_ref, $status) = 
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];

}

=item returnAuthorizeRead
Return radius attributes to allow read access
=cut

sub returnAuthorizeRead {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=3';
$radius_reply_ref->{'Reply-Message'} = "Switch read access granted by 
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} 
with read access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeRead', $args);
($radius_reply_ref, $status) = 
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}

Then restart PacketFence.

Let me know if it works.

Regards

Fabrice



Le 2017-11-11 à 02:41, Alessandro Canella a écrit :
Zyxel GS 2210.

I need only AAA for switch login (if you remember I use captive portal for wifi 
in inline mode)

Zyxel provide 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN<https://kb.zyxel.com/KB/searchArticle%21gwsViewDetail.action?articleOid=009451=EN>

I've done all as wrote in this doc (dictionary and so on)

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 10 novembre 2017 21.35
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] Switch Compati

[PacketFence-users] R: R: Switch Compatibility

[Alessandro Canella via PacketFence-users]

I will try tomorrow.

Don't sure where is file, I will check documentation.


Da: Durand fabrice [mailto:fdur...@inverse.ca]
Inviato: sabato 11 novembre 2017 13.51
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: [PacketFence-users] Switch Compatibility


Hello Alessandro,



you will need to edit the switch module and add this:

=item returnAuthorizeWrite
Return radius attributes to allow write access
=cut

sub returnAuthorizeWrite {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=15';
$radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by 
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} 
with write access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeWrite', $args);
($radius_reply_ref, $status) = 
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];

}

=item returnAuthorizeRead
Return radius attributes to allow read access
=cut

sub returnAuthorizeRead {
my ($self, $args) = @_;
my $logger = $self->logger;
my $radius_reply_ref;
my $status;
$radius_reply_ref->{'Zyxel-Privilege-AVPair'} = 'shell:priv-lvl=3';
$radius_reply_ref->{'Reply-Message'} = "Switch read access granted by 
PacketFence";
$logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} 
with read access");
my $filter = pf::access_filter::radius->new;
my $rule = $filter->test('returnAuthorizeRead', $args);
($radius_reply_ref, $status) = 
$filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
return [$status, %$radius_reply_ref];
}

Then restart PacketFence.

Let me know if it works.

Regards

Fabrice



Le 2017-11-11 à 02:41, Alessandro Canella a écrit :
Zyxel GS 2210.

I need only AAA for switch login (if you remember I use captive portal for wifi 
in inline mode)

Zyxel provide 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN<https://kb.zyxel.com/KB/searchArticle%21gwsViewDetail.action?articleOid=009451=EN>

I've done all as wrote in this doc (dictionary and so on)

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 10 novembre 2017 21.35
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] Switch Compatibility


Hello Alessandro,

what is the type of the switch ?

Regards

Fabrice



Le 2017-11-10 à 09:44, Alessandro Canella via PacketFence-users a écrit :
Hello all,

I solved everything (thanks to all..) ando now I0m investigating about this:



Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Using sources file1 for matching (pf::authentication::match2)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Matched rule (admins) in source file1, returning actions. 
(pf::Authentication::Source::match)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] PacketFence does not support this switch for read/write access 
login (pf::Switch::returnAuthorizeWrite)


I've configured switch according to brand guidelines (based on freeradius) and 
I'm trying to enable PF Radius for CLI / HTTPS login.


Switch is configured in PF Switch webpage, I've configured SNMP and SSH too

Alessandro Canella
[Descrizione: Descrizione: Descrizione: Descrizione:  Cattura]
  Via Gurzone 77 - 45030
  Occhiobello (RO) - Italy
  t. ++39 0532 1916333
  f. ++34 0532 1911433
  m. ++39 348<tel:%2B%2B39%20342%203804635> 4433733
  email : alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>
  skype : alessandro.canella
P please consider the environment before printing this email










--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot





___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users




--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 

[PacketFence-users] R: Switch Compatibility

[Alessandro Canella via PacketFence-users]

Zyxel GS 2210.

I need only AAA for switch login (if you remember I use captive portal for wifi 
in inline mode)

Zyxel provide 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN

I've done all as wrote in this doc (dictionary and so on)

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 10 novembre 2017 21.35
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] Switch Compatibility


Hello Alessandro,

what is the type of the switch ?

Regards

Fabrice



Le 2017-11-10 à 09:44, Alessandro Canella via PacketFence-users a écrit :
Hello all,

I solved everything (thanks to all..) ando now I0m investigating about this:



Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Using sources file1 for matching (pf::authentication::match2)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Matched rule (admins) in source file1, returning actions. 
(pf::Authentication::Source::match)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] PacketFence does not support this switch for read/write access 
login (pf::Switch::returnAuthorizeWrite)


I've configured switch according to brand guidelines (based on freeradius) and 
I'm trying to enable PF Radius for CLI / HTTPS login.


Switch is configured in PF Switch webpage, I've configured SNMP and SSH too

Alessandro Canella
[Descrizione: Descrizione: Descrizione: Descrizione:Cattura]
  Via Gurzone 77 - 45030
  Occhiobello (RO) - Italy
  t. ++39 0532 1916333
  f. ++34 0532 1911433
  m. ++39 348<tel:%2B%2B39%20342%203804635> 4433733
  email : alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>
  skype : alessandro.canella
P please consider the environment before printing this email









--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Switch Compatibility

[Alessandro Canella via PacketFence-users]

Hello all,

I solved everything (thanks to all..) ando now I0m investigating about this:



Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Authentication successful for newuser in source file1 (Htpasswd) 
(pf::authentication::authenticate)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Using sources file1 for matching (pf::authentication::match2)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] Matched rule (admins) in source file1, returning actions. 
(pf::Authentication::Source::match)
Nov 10 13:37:03 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2711) INFO: 
[mac:[undef]] PacketFence does not support this switch for read/write access 
login (pf::Switch::returnAuthorizeWrite)


I've configured switch according to brand guidelines (based on freeradius) and 
I'm trying to enable PF Radius for CLI / HTTPS login.


Switch is configured in PF Switch webpage, I've configured SNMP and SSH too

Alessandro Canella
[Descrizione: Descrizione: Descrizione: Descrizione: Cattura]
  Via Gurzone 77 - 45030
  Occhiobello (RO) - Italy
  t. ++39 0532 1916333
  f. ++34 0532 1911433
  m. ++39 348 4433733
  email : alessandro.cane...@itcare.it
  skype : alessandro.canella
P please consider the environment before printing this email





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: R: R: R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Yep, sorry I’ve lost radius.log file in logs ☺

I’ve partially solved, now I check other issue


Da: gonzaguedambrico...@gmail.com [mailto:gonzaguedambrico...@gmail.com] Per 
conto di Gonzague Dambricourt
Inviato: giovedì 9 novembre 2017 21.59
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>; Alessandro Canella 
<alessandro.cane...@itcare.it>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: R: Radius Project Reloaded

Hi Alessandro

For the logs check /usr/local/pf/logs  .. :)

For the preshared key of Radius => go into the editing section for switches and 
then edit your switch then go to the Radius tab and enter the key you wanna use

On Thu, Nov 9, 2017 at 9:36 PM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:
Hi All,

seems ok, but still not authenticate my switches. I will test Firewalls 
tomoorow, but where I can find Radius auth log?

2nd question, preshared key for radius where is ? to check typo.

thanks

Da: Fabrice Durand [mailto:fdur...@inverse.ca<mailto:fdur...@inverse.ca>]
Inviato: martedì 7 novembre 2017 22.16
A: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: R: [PacketFence-users] R: R: R: Radius Project Reloaded


So in radius_chilf.pm<http://radius_chilf.pm> replace all:

foreach my $interface ( @radius_ints ) {

with

foreach my $interface ( uniq @radius_ints ) {
and retry

Regards
Fabrice
Le 2017-11-07 à 08:43, Alessandro Canella a écrit :
Here we are!



Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 6 novembre 2017 14.23
A: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] R: R: R: Radius Project Reloaded


Hello Alessandro,

can you give me your radiusd_child.pm<http://radiusd_child.pm>, pf.conf and 
conf/radius/auth.conf file ?

Regards

Fabrice



Le 2017-11-03 à 06:48, Alessandro Canella a écrit :
Seems all ok, but patch was unapplied (or not correct)

Nov  3 10:45:47 PacketFence-ZEN auth[3901]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Nov  3 10:45:47 PacketFence-ZEN auth[3901]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 2 novembre 2017 16.33
A: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: Radius Project Reloaded

Means checkup?

[root@PacketFence-ZEN bin]# ./pfcmd checkup
Array found where operator expected at 
/usr/local/pf/lib/pf/services/manager/rad
iusd_child.pm<http://iusd_child.pm> line 570, at end of line
(Do you need to predeclare uniq?)
"my" variable $cluster_ip masks earlier declaration in same scope at 
/usr/local/
pf/lib/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> line 572.
"my" variable $interface masks earlier declaration in same scope at 
/usr/local/p
f/lib/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> line 572.
"my" variable %tags masks earlier declaration in same scope at 
/usr/local/pf/lib
/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/lo
cal/pf/lib/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> line 
573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/lo
cal/pf/lib/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> line 
573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/lo
cal/pf/lib/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> line 
573.
Couldn't require pf::services::manager::radiusd : Global symbol "%tags" 
requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm<http://radiusd_child.pm> 
line 603.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/ser
vices/manager/radiusd_child.pm<http://radiusd_child.pm> line 608.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/ser
vices/manager/radiusd_child.pm<http://radiusd_child

[PacketFence-users] R: R: R: R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Hi All,

seems ok, but still not authenticate my switches. I will test Firewalls 
tomoorow, but where I can find Radius auth log?

2nd question, preshared key for radius where is ? to check typo.

thanks

Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: martedì 7 novembre 2017 22.16
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: R: [PacketFence-users] R: R: R: Radius Project Reloaded


So in radius_chilf.pm replace all:

foreach my $interface ( @radius_ints ) {

with

foreach my $interface ( uniq @radius_ints ) {
and retry

Regards
Fabrice
Le 2017-11-07 à 08:43, Alessandro Canella a écrit :
Here we are!



Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 6 novembre 2017 14.23
A: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] R: R: R: Radius Project Reloaded


Hello Alessandro,

can you give me your radiusd_child.pm, pf.conf and conf/radius/auth.conf file ?

Regards

Fabrice



Le 2017-11-03 à 06:48, Alessandro Canella a écrit :
Seems all ok, but patch was unapplied (or not correct)

Nov  3 10:45:47 PacketFence-ZEN auth[3901]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Nov  3 10:45:47 PacketFence-ZEN auth[3901]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 2 novembre 2017 16.33
A: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: Radius Project Reloaded

Means checkup?

[root@PacketFence-ZEN bin]# ./pfcmd checkup
Array found where operator expected at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 570, at end of 
line
(Do you need to predeclare uniq?)
"my" variable $cluster_ip masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable $interface masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable %tags masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
Couldn't require pf::services::manager::radiusd : Global symbol "%tags" 
requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 603.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 608.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 618.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "$cluster_ip" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 625.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 626.
syntax error at /usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 
634, near "}"
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm has too many errors.
Compilation failed in require at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
BEGIN failed--compilation aborted at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
Compilation failed in require at (eval 1720) line 2.
at /usr/share/perl5/vendor_perl/Module/Pluggable.pm line 32.
module pf::cmd::pf::checkup cannot be l

[PacketFence-users] I: R: R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Here is Files requested



Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 6 novembre 2017 14.23
A: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: [PacketFence-users] R: R: R: Radius Project Reloaded


Hello Alessandro,

can you give me your radiusd_child.pm, pf.conf and conf/radius/auth.conf file ?

Regards

Fabrice



Le 2017-11-03 à 06:48, Alessandro Canella a écrit :
Seems all ok, but patch was unapplied (or not correct)

Nov  3 10:45:47 PacketFence-ZEN auth[3901]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Nov  3 10:45:47 PacketFence-ZEN auth[3901]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 2 novembre 2017 16.33
A: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: Radius Project Reloaded

Means checkup?

[root@PacketFence-ZEN bin]# ./pfcmd checkup
Array found where operator expected at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 570, at end of 
line
(Do you need to predeclare uniq?)
"my" variable $cluster_ip masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable $interface masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable %tags masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
Couldn't require pf::services::manager::radiusd : Global symbol "%tags" 
requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 603.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 608.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 618.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "$cluster_ip" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 625.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 626.
syntax error at /usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 
634, near "}"
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm has too many errors.
Compilation failed in require at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
BEGIN failed--compilation aborted at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
Compilation failed in require at (eval 1720) line 2.
at /usr/share/perl5/vendor_perl/Module/Pluggable.pm line 32.
module pf::cmd::pf::checkup cannot be loaded
Can't locate object method "name" via package "pf::services::manager::radiusd" 
at /usr/local/pf/lib/pf/services.pm line 42.
Compilation failed in require at /usr/local/pf/lib/pf/cmd/pf/checkup.pm line 20.
BEGIN failed--compilation aborted at /usr/local/pf/lib/pf/cmd/pf/checkup.pm 
line 20.
Compilation failed in require at /usr/share/perl5/vendor_perl/Module/Load.pm 
line 27.
Can't locate pf/cmd/pf/checkup in @INC (@INC contains: /usr/local/pf/lib 
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl 
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at 
/usr/share/perl5/vendo

[PacketFence-users] R: R: R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Here we are!



Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 6 novembre 2017 14.23
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: [PacketFence-users] R: R: R: Radius Project Reloaded


Hello Alessandro,

can you give me your radiusd_child.pm, pf.conf and conf/radius/auth.conf file ?

Regards

Fabrice



Le 2017-11-03 à 06:48, Alessandro Canella a écrit :
Seems all ok, but patch was unapplied (or not correct)

Nov  3 10:45:47 PacketFence-ZEN auth[3901]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Nov  3 10:45:47 PacketFence-ZEN auth[3901]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 2 novembre 2017 16.33
A: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: Radius Project Reloaded

Means checkup?

[root@PacketFence-ZEN bin]# ./pfcmd checkup
Array found where operator expected at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 570, at end of 
line
(Do you need to predeclare uniq?)
"my" variable $cluster_ip masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable $interface masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable %tags masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
Couldn't require pf::services::manager::radiusd : Global symbol "%tags" 
requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 603.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 608.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 618.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "$cluster_ip" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 625.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 626.
syntax error at /usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 
634, near "}"
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm has too many errors.
Compilation failed in require at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
BEGIN failed--compilation aborted at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
Compilation failed in require at (eval 1720) line 2.
at /usr/share/perl5/vendor_perl/Module/Pluggable.pm line 32.
module pf::cmd::pf::checkup cannot be loaded
Can't locate object method "name" via package "pf::services::manager::radiusd" 
at /usr/local/pf/lib/pf/services.pm line 42.
Compilation failed in require at /usr/local/pf/lib/pf/cmd/pf/checkup.pm line 20.
BEGIN failed--compilation aborted at /usr/local/pf/lib/pf/cmd/pf/checkup.pm 
line 20.
Compilation failed in require at /usr/share/perl5/vendor_perl/Module/Load.pm 
line 27.
Can't locate pf/cmd/pf/checkup in @INC (@INC contains: /usr/local/pf/lib 
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl 
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at 
/usr/share/perl5/vendor_perl/Module/Load.pm line 27.



Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: giovedì 2 no

[PacketFence-users] R: R: R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Tomorrow at same time I will deliver it to you.

Kind regards

Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: lunedì 6 novembre 2017 14.23
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: [PacketFence-users] R: R: R: Radius Project Reloaded


Hello Alessandro,

can you give me your radiusd_child.pm, pf.conf and conf/radius/auth.conf file ?

Regards

Fabrice



Le 2017-11-03 à 06:48, Alessandro Canella a écrit :
Seems all ok, but patch was unapplied (or not correct)

Nov  3 10:45:47 PacketFence-ZEN auth[3901]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Nov  3 10:45:47 PacketFence-ZEN auth[3901]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 2 novembre 2017 16.33
A: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: Radius Project Reloaded

Means checkup?

[root@PacketFence-ZEN bin]# ./pfcmd checkup
Array found where operator expected at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 570, at end of 
line
(Do you need to predeclare uniq?)
"my" variable $cluster_ip masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable $interface masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable %tags masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
Couldn't require pf::services::manager::radiusd : Global symbol "%tags" 
requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 603.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 608.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 618.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "$cluster_ip" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 625.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 626.
syntax error at /usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 
634, near "}"
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm has too many errors.
Compilation failed in require at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
BEGIN failed--compilation aborted at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
Compilation failed in require at (eval 1720) line 2.
at /usr/share/perl5/vendor_perl/Module/Pluggable.pm line 32.
module pf::cmd::pf::checkup cannot be loaded
Can't locate object method "name" via package "pf::services::manager::radiusd" 
at /usr/local/pf/lib/pf/services.pm line 42.
Compilation failed in require at /usr/local/pf/lib/pf/cmd/pf/checkup.pm line 20.
BEGIN failed--compilation aborted at /usr/local/pf/lib/pf/cmd/pf/checkup.pm 
line 20.
Compilation failed in require at /usr/share/perl5/vendor_perl/Module/Load.pm 
line 27.
Can't locate pf/cmd/pf/checkup in @INC (@INC contains: /usr/local/pf/lib 
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl 
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at 
/usr/share/perl5/vendor_perl/Module/Load.pm line 27.



Da: Fabrice Durand [mailto:

[PacketFence-users] R: R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Seems all ok, but patch was unapplied (or not correct)

Nov  3 10:45:47 PacketFence-ZEN auth[3901]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Nov  3 10:45:47 PacketFence-ZEN auth[3901]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 2 novembre 2017 16.33
A: Fabrice Durand <fdur...@inverse.ca>; packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: Radius Project Reloaded

Means checkup?

[root@PacketFence-ZEN bin]# ./pfcmd checkup
Array found where operator expected at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 570, at end of 
line
(Do you need to predeclare uniq?)
"my" variable $cluster_ip masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable $interface masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 572.
"my" variable %tags masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
"my" variable $cluster_ip masks earlier declaration in same statement at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 573.
Couldn't require pf::services::manager::radiusd : Global symbol "%tags" 
requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 603.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 608.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 618.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 621.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "$cluster_ip" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 624.
Global symbol "@radius_backend" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 625.
Global symbol "%tags" requires explicit package name at 
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 626.
syntax error at /usr/local/pf/lib/pf/services/manager/radiusd_child.pm line 
634, near "}"
/usr/local/pf/lib/pf/services/manager/radiusd_child.pm has too many errors.
Compilation failed in require at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
BEGIN failed--compilation aborted at 
/usr/local/pf/lib/pf/services/manager/radiusd.pm line 28.
Compilation failed in require at (eval 1720) line 2.
at /usr/share/perl5/vendor_perl/Module/Pluggable.pm line 32.
module pf::cmd::pf::checkup cannot be loaded
Can't locate object method "name" via package "pf::services::manager::radiusd" 
at /usr/local/pf/lib/pf/services.pm line 42.
Compilation failed in require at /usr/local/pf/lib/pf/cmd/pf/checkup.pm line 20.
BEGIN failed--compilation aborted at /usr/local/pf/lib/pf/cmd/pf/checkup.pm 
line 20.
Compilation failed in require at /usr/share/perl5/vendor_perl/Module/Load.pm 
line 27.
Can't locate pf/cmd/pf/checkup in @INC (@INC contains: /usr/local/pf/lib 
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl 
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at 
/usr/share/perl5/vendor_perl/Module/Load.pm line 27.



Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: giovedì 2 novembre 2017 15.45
A: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: R: R: [PacketFence-users] Radius Project Reloaded


What are the errors ?



Le 2017-11-02 à 09:18, Alessandro Canella a écrit :
Something went wrong...


[root@PacketFence-ZEN pf]# patch -p1 < pat.diff
(Stripping trailing CRs from patch; use --binary to disable.)
patching file lib/pf/services/manager/radiusd_child.pm
patch unexpectedly ends in midd

[PacketFence-users] R: R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

 doesn't work (remains freezed and needs a 
ctrl-c to return to prompt)

Not too simply.. any ideas? Can I execute single lines of diff file?

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 31 ottobre 2017 14.15
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] Radius Project Reloaded


Hello Alessandro,

can you try this patch:

cd /usr/local/pf

curl 
https://github.com/inverse-inc/packetfence/commit/fa866d14be0b16ef1af0ed849c85a481a4011048.diff
 | patch -p1

Then restart packetfence.

Regards

Fabrice



Le 2017-10-31 à 07:59, Alessandro Canella via PacketFence-users a écrit :
Hello all,

after closing successfully inline config, I will try to config AAA in Zyxel 
Switches.

I've configured dictionary.zyxel and clients.conf too , according this faq : 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN<https://kb.zyxel.com/KB/searchArticle%21gwsViewDetail.action?articleOid=009451=EN>

But login doesn't work. So I've created user in raddb/users. Nothing happens.

I've stopped to search log and I've found in usr/local/pf/logs/radius.log

Oct 31 11:10:43 PacketFence-ZEN auth[2945]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Oct 31 11:10:43 PacketFence-ZEN auth[2945]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


/usr/local/pf/raddb/auth.conf contain:

listen {

ipaddr = 127.0.0.1
port = 18120
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

Last "listen" is row 23, I think can be safely removed.

But if raw 23 goes on error, it's because as you see listener is already 
on...so where I can find my AAA error?






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot






___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)




--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Something went wrong...


[root@PacketFence-ZEN pf]# patch -p1 < pat.diff
(Stripping trailing CRs from patch; use --binary to disable.)
patching file lib/pf/services/manager/radiusd_child.pm
patch unexpectedly ends in middle of line
Hunk #1 succeeded at 567 with fuzz 1 (offset -23 lines).



A)  Pfcmd checkup reports lot of error

B)  Web Admin stop works.


Da: Fabrice Durand [mailto:fdur...@inverse.ca]
Inviato: martedì 31 ottobre 2017 17.32
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: [PacketFence-users] Radius Project Reloaded


Once you have the file do

cd /usr/local/pf

patch -p1 < the_patch.diff



Regards

Fabrice



Le 2017-10-31 à 11:56, Alessandro Canella a écrit :
Hello Fabrice,


Done some tests. Cannot grant internet access to PF, so I've pasted diff 
content in a local diff file, but doesn't work (remains freezed and needs a 
ctrl-c to return to prompt)

Not too simply.. any ideas? Can I execute single lines of diff file?

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 31 ottobre 2017 14.15
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] Radius Project Reloaded


Hello Alessandro,

can you try this patch:

cd /usr/local/pf

curl 
https://github.com/inverse-inc/packetfence/commit/fa866d14be0b16ef1af0ed849c85a481a4011048.diff
 | patch -p1

Then restart packetfence.

Regards

Fabrice



Le 2017-10-31 à 07:59, Alessandro Canella via PacketFence-users a écrit :
Hello all,

after closing successfully inline config, I will try to config AAA in Zyxel 
Switches.

I've configured dictionary.zyxel and clients.conf too , according this faq : 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN<https://kb.zyxel.com/KB/searchArticle%21gwsViewDetail.action?articleOid=009451=EN>

But login doesn't work. So I've created user in raddb/users. Nothing happens.

I've stopped to search log and I've found in usr/local/pf/logs/radius.log

Oct 31 11:10:43 PacketFence-ZEN auth[2945]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Oct 31 11:10:43 PacketFence-ZEN auth[2945]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


/usr/local/pf/raddb/auth.conf contain:

listen {

ipaddr = 127.0.0.1
port = 18120
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

Last "listen" is row 23, I think can be safely removed.

But if raw 23 goes on error, it's because as you see listener is already 
on...so where I can find my AAA error?





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot





___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users




--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Hello Fabrice,


Done some tests. Cannot grant internet access to PF, so I've pasted diff 
content in a local diff file, but doesn't work (remains freezed and needs a 
ctrl-c to return to prompt)

Not too simply.. any ideas? Can I execute single lines of diff file?

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 31 ottobre 2017 14.15
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] Radius Project Reloaded


Hello Alessandro,

can you try this patch:

cd /usr/local/pf

curl 
https://github.com/inverse-inc/packetfence/commit/fa866d14be0b16ef1af0ed849c85a481a4011048.diff
 | patch -p1

Then restart packetfence.

Regards

Fabrice



Le 2017-10-31 à 07:59, Alessandro Canella via PacketFence-users a écrit :
Hello all,

after closing successfully inline config, I will try to config AAA in Zyxel 
Switches.

I've configured dictionary.zyxel and clients.conf too , according this faq : 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN<https://kb.zyxel.com/KB/searchArticle%21gwsViewDetail.action?articleOid=009451=EN>

But login doesn't work. So I've created user in raddb/users. Nothing happens.

I've stopped to search log and I've found in usr/local/pf/logs/radius.log

Oct 31 11:10:43 PacketFence-ZEN auth[2945]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Oct 31 11:10:43 PacketFence-ZEN auth[2945]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


/usr/local/pf/raddb/auth.conf contain:

listen {

ipaddr = 127.0.0.1
port = 18120
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

Last "listen" is row 23, I think can be safely removed.

But if raw 23 goes on error, it's because as you see listener is already 
on...so where I can find my AAA error?




--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Radius Project Reloaded

[Alessandro Canella via PacketFence-users]

Hello all,

after closing successfully inline config, I will try to config AAA in Zyxel 
Switches.

I've configured dictionary.zyxel and clients.conf too , according this faq : 
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009451=EN

But login doesn't work. So I've created user in raddb/users. Nothing happens.

I've stopped to search log and I've found in usr/local/pf/logs/radius.log

Oct 31 11:10:43 PacketFence-ZEN auth[2945]: Failed binding to auth address 
192.168.0.72 port 1812 bound to server packetfence: Address already in use
Oct 31 11:10:43 PacketFence-ZEN auth[2945]: /usr/local/pf/raddb/auth.conf[23]: 
Error binding to port for 192.168.0.72 port 1812


/usr/local/pf/raddb/auth.conf contain:

listen {

ipaddr = 127.0.0.1
port = 18120
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

listen {
ipaddr = 192.168.0.72
port = 0
type = auth
virtual_server = packetfence
}

Last "listen" is row 23, I think can be safely removed.

But if raw 23 goes on error, it's because as you see listener is already 
on...so where I can find my AAA error?
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] IP Change

[Alessandro Canella via PacketFence-users]

Hello,

I've changed IP at my PF ZEN. From untagged VLAN 1 153.47.30.99 to tagged 
VLAN50 192.168.0.72

To do this I've edited main conf file renaming eth0 to eth0.90 and assigning 
correct address. After this I've executed a pcmd configreload hard and a reboot.

After this  I stil find old address, in gui/console.


[cid:image001.jpg@01D34CD3.D11FA9C0]


[cid:image002.jpg@01D34CD3.D11FA9C0]

So I've deleted conf file for eth0 where still exixts and changed gateway in
Etc/sysconfig.


Now something is correct but : SSH  doesn't work, and login page reply with 
"not found in database" maybe I need to reconstruct binding by hand I some 
files?







[cid:image003.jpg@01D34CD3.D11FA9C0]




Alessandro Canella
[Descrizione: Descrizione: Descrizione: Descrizione: Cattura]
  Via Gurzone 77 - 45030
  Occhiobello (RO) - Italy
  t. ++39 0532 1916333
  f. ++34 0532 1911433
  m. ++39 348 4433733
  email : alessandro.cane...@itcare.it
  skype : alessandro.canella
P please consider the environment before printing this email





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] IP Revolution

[Alessandro Canella via PacketFence-users]

Hello All,

I've built a PF ZEN environment for test purposes, based on 7.10

REG  IF is 192.168.30.x/24, VLAN 30
MGM   IF is 153.47.30.0/25, VLAN 1

Now I need to go to production, but some ICT Security changes are happened.

REG  IF remain  192.168.30.x/24, VLAN 30
MGM   IF will be 10.206.1.128/25, VLAN 50
OUT(OUTGOING TRAFFIC )  IF will flow via 192.168.0.0/24, VLAN 90

I've added virtual interfaces, on correct VLANs. To make it Simple I think to 
change IP to old MGM (Eth0)  interface assigning OUT IP

So, first of all I need to gain access to MGMT portal in 10.206.1.128/25 IF, I 
think shortest way is using some persistent route adding it in 
/etc/sysconfig/network-scripts/route-eth0.50 maybe?

After this I can change "old" master eth0 IP, and should be work?

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: R: R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

Fabrice,

sorry but I was disappeared… route are correct… but I can’t understand 
192.95.20.194 : it’s a public IP. And my lan hasn’t access to the internet…

Da: Durand fabrice [mailto:fdur...@inverse.ca]
Inviato: mercoledì 23 agosto 2017 04.57
A: Alessandro Canella <alessandro.cane...@itcare.it>; 
packetfence-users@lists.sourceforge.net
Oggetto: Re: R: [PacketFence-users] R: R: R: R: R: R: network-access-detection


for B i mean does the firewall have a specific route to reach 192.168.30.0/24 
behind packetfence ?

Le 2017-08-18 à 04:17, Alessandro Canella a écrit :

A)   I can use FQDN in config keeping in mind latency ecc…

B)Route are corrected (I’ve 12 network and 4 Firewall behind..)

Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 18 agosto 2017 02.12
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: R: network-access-detection


Hello Alessandro,

A)

first try to replace the network detection ip to 192.95.20.194.

Next if you use fqdn instead of an ip address then you have to keep in mind 
that even if the packetfence's dns server return a ttl of 15s the browser have 
his own dns cache (like 1 minutes).

So if the device is reg then you will have to wait 1 minute until the detection 
works.

B)

if you route instead of using nat then you have to be sure that 192.95.20.194 
know 192.168.30.0/24

Regards

Fabrice



Le 2017-08-17 à 10:31, Alessandro Canella a écrit :
first solved (thanks for DNS help…)


A)   I’ve discovered that network access gif after login is accessible ONLY via 
DNS call (DNS_SERVER_NAME.net/common/network-access-detection.gif works, 
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't) seems an 
apache misconfig. I've bypassed using inline IP address (192.168.30.1) as 
network detection



B)Route, this is mine.
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1

But I say I've got "some networks" behind PF. And seems that 192.168.30.0 
requests isn't routed to 153.47.30.2...





Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 17 agosto 2017 14.30
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: network-access-detection


Ok so first fix the PacketFence server in order to be able to reach internet .

you need to have the default gateway configured and a valid dns server.

ip route

cat /etc/resolv.conf

Then when it's done your issue will probably be fixed.

Regards

Fabrice





Le 2017-08-17 à 07:30, Alessandro Canella a écrit :
Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice




Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.n

[PacketFence-users] R: R: R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

A)  I can use FQDN in config keeping in mind latency ecc…

B)  Route are corrected (I’ve 12 network and 4 Firewall behind..)

Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 18 agosto 2017 02.12
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: R: network-access-detection


Hello Alessandro,

A)

first try to replace the network detection ip to 192.95.20.194.

Next if you use fqdn instead of an ip address then you have to keep in mind 
that even if the packetfence's dns server return a ttl of 15s the browser have 
his own dns cache (like 1 minutes).

So if the device is reg then you will have to wait 1 minute until the detection 
works.

B)

if you route instead of using nat then you have to be sure that 192.95.20.194 
know 192.168.30.0/24

Regards

Fabrice



Le 2017-08-17 à 10:31, Alessandro Canella a écrit :
first solved (thanks for DNS help…)


A)   I’ve discovered that network access gif after login is accessible ONLY via 
DNS call (DNS_SERVER_NAME.net/common/network-access-detection.gif works, 
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't) seems an 
apache misconfig. I've bypassed using inline IP address (192.168.30.1) as 
network detection



B)Route, this is mine.
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1

But I say I've got "some networks" behind PF. And seems that 192.168.30.0 
requests isn't routed to 153.47.30.2...





Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 17 agosto 2017 14.30
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: network-access-detection


Ok so first fix the PacketFence server in order to be able to reach internet .

you need to have the default gateway configured and a valid dns server.

ip route

cat /etc/resolv.conf

Then when it's done your issue will probably be fixed.

Regards

Fabrice





Le 2017-08-17 à 07:30, Alessandro Canella a écrit :
Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice



Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 10 agosto 2017 09.42
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourcef

[PacketFence-users] R: R: R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

Fabrice,

whois 192.95.20.194 ?



Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 18 agosto 2017 02.12
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: R: network-access-detection


Hello Alessandro,

A)

first try to replace the network detection ip to 192.95.20.194.

Next if you use fqdn instead of an ip address then you have to keep in mind 
that even if the packetfence's dns server return a ttl of 15s the browser have 
his own dns cache (like 1 minutes).

So if the device is reg then you will have to wait 1 minute until the detection 
works.

B)

if you route instead of using nat then you have to be sure that 192.95.20.194 
know 192.168.30.0/24

Regards

Fabrice



Le 2017-08-17 à 10:31, Alessandro Canella a écrit :
first solved (thanks for DNS help…)


A)   I’ve discovered that network access gif after login is accessible ONLY via 
DNS call (DNS_SERVER_NAME.net/common/network-access-detection.gif works, 
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't) seems an 
apache misconfig. I've bypassed using inline IP address (192.168.30.1) as 
network detection



B)Route, this is mine.
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1

But I say I've got "some networks" behind PF. And seems that 192.168.30.0 
requests isn't routed to 153.47.30.2...





Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 17 agosto 2017 14.30
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: network-access-detection


Ok so first fix the PacketFence server in order to be able to reach internet .

you need to have the default gateway configured and a valid dns server.

ip route

cat /etc/resolv.conf

Then when it's done your issue will probably be fixed.

Regards

Fabrice





Le 2017-08-17 à 07:30, Alessandro Canella a écrit :
Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice



Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 10 agosto 2017 09.42
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca<mailto:fdur...@inverse.ca>>
Oggetto: Re: [Pac

[PacketFence-users] R: R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

first solved (thanks for DNS help…)


A)  I’ve discovered that network access gif after login is accessible ONLY 
via DNS call (DNS_SERVER_NAME.net/common/network-access-detection.gif works, 
SERVER_MANAGEMENT_IP/common/network-access-detection.gif didn't) seems an 
apache misconfig. I've bypassed using inline IP address (192.168.30.1) as 
network detection



B)  Route, this is mine.
default via 153.47.30.2 dev eth0
153.47.30.0/25 dev eth0  proto kernel  scope link  src 153.47.30.99
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.30  scope link  metric 1003
192.168.30.0/24 dev eth0.30  proto kernel  scope link  src 192.168.30.1

But I say I've got "some networks" behind PF. And seems that 192.168.30.0 
requests isn't routed to 153.47.30.2...





Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 17 agosto 2017 14.30
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: network-access-detection


Ok so first fix the PacketFence server in order to be able to reach internet .

you need to have the default gateway configured and a valid dns server.

ip route

cat /etc/resolv.conf

Then when it's done your issue will probably be fixed.

Regards

Fabrice





Le 2017-08-17 à 07:30, Alessandro Canella a écrit :
Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice


Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 10 agosto 2017 09.42
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca<mailto:fdur...@inverse.ca>>
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca><mailto:lzam...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-a

[PacketFence-users] R: R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

resolv.conf is empty, I assume (ok that’s wrong, I’d understand…..) that NS are 
controlled by another .conf in PF setup…

about NAT and route…. I’d have 10/15 networks on the other side… and seems all 
fine… I will check asap..

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 17 agosto 2017 14.30
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: R: network-access-detection


Ok so first fix the PacketFence server in order to be able to reach internet .

you need to have the default gateway configured and a valid dns server.

ip route

cat /etc/resolv.conf

Then when it's done your issue will probably be fixed.

Regards

Fabrice





Le 2017-08-17 à 07:30, Alessandro Canella a écrit :
Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca><mailto:fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice


Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 10 agosto 2017 09.42
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca<mailto:fdur...@inverse.ca>>
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca><mailto:lzam...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane..

[PacketFence-users] R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

Where I can check resolv.conf?



Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice

Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 10 agosto 2017 09.42
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca<mailto:fdur...@inverse.ca>>
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca><mailto:lzam...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<m

[PacketFence-users] R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

[192.168.30.0]
dns=153.47.30.113
dhcp_start=192.168.30.10
gateway=192.168.30.1
domain-name=inlinel2.feo-cer.net
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=86400
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.30.246
type=inlinel2
netmask=255.255.255.0
dhcp_default_lease_time=86400

Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca><mailto:lzam...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but “unable to detect” is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! 
http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

Hello Fabrice:

IP_forward (tested from MGMT ip) result is 1: so, enabled I think.

ZEN seems not know DIG, HOST, NSlookup… so I use Ping “name” and cannot resolve 
nothing.




Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 11 agosto 2017 01.50
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: R: R: network-access-detection


Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward
From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice

Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :
Here some test:

BEFORE  LOGIN

  Suffisso DNS specifico per connessione: inlinel2.feo-cer.net
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)
   Gateway predefinito . . . . . . . . . : 192.168.30.1
   Server DHCP . . . . . . . . . . . . . : 192.168.30.1
   Server DNS . . . . . . . . . . . . .  : 153.47.30.113
C:\Users\aless>nslookup
Server predefinito:  UnKnown
Address:  153.47.30.113

lancelot.feo-cer.net
Server:  UnKnown
Address:  153.47.30.113
Nome:percival.feo-cer.net
Address:  192.168.30.1
Aliases:  lancelot.feo-cer.net.inlinel2.feo-cer.net


AFTER LOGIN

C:\Users\aless>nslookup
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  UnKnown
Address:  153.47.30.113

> server 192.168.30.1
DNS request timed out.
timeout was 2 seconds.
Server predefinito:  [192.168.30.1]
Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 10 agosto 2017 09.42
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca<mailto:fdur...@inverse.ca>>
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca><mailto:lzam...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 

[PacketFence-users] R: R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca><mailto:lzam...@inverse.ca>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it><mailto:alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but “unable to detect” is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! 
http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: network-access-detection

[Alessandro Canella via PacketFence-users]

I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit <lzam...@inverse.ca>; packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Alessandro Canella 
<alessandro.cane...@itcare.it<mailto:alessandro.cane...@itcare.it>>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but “unable to detect” is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! 
http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: network-access-detection

[Alessandro Canella via PacketFence-users]

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but “unable to detect” is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! 
http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: network-access-detection

[Alessandro Canella via PacketFence-users]

Don’t know:

today after registration all traffic pass correctly….except GIF file (HTTP 
local to PF node)  and DNS requests…..


I need a hand or I will die configuring it….

Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but “unable to detect” is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! 
http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] network-access-detection

[Alessandro Canella via PacketFence-users]

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I'm using ZEN version.

I've tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but "unable to detect" is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: DLINK DGS3100

[Alessandro Canella via PacketFence-users]

I've tested ANY type of deauth in switch config. Note : I use SNMP v2c by 
default, should I move to SNMPv3 ?


Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 18 luglio 2017 16.41
A: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella <alessandro.cane...@itcare.it>
Oggetto: [PacketFence-users] R: DLINK DGS3100

Hi where's location of pfqueue.log ?

Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 13 luglio 2017 02.25
A: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] DLINK DGS3100


Hello Alessandro,

your issue happen when packetfence try to deauth.

Can you check in pfqueue.log for deauth issue ?

Regards

Fabrice



Le 2017-07-12 à 04:05, Alessandro Canella via PacketFence-users a écrit :
Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in OOB 
scenario.

I've got some trouble to find correct syntax : registration VLAN is Ok, auth on 
captive works fine, but at least, redirect on correct VLAN doesn't happens.

Note that other test works fine (If I put in force auth same ports I go to 
production network an so on)


Someone got ideas?





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot





___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: DLINK DGS3100

[Alessandro Canella via PacketFence-users]

Hi where's location of pfqueue.log ?

Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 13 luglio 2017 02.25
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] DLINK DGS3100


Hello Alessandro,

your issue happen when packetfence try to deauth.

Can you check in pfqueue.log for deauth issue ?

Regards

Fabrice



Le 2017-07-12 à 04:05, Alessandro Canella via PacketFence-users a écrit :
Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in OOB 
scenario.

I've got some trouble to find correct syntax : registration VLAN is Ok, auth on 
captive works fine, but at least, redirect on correct VLAN doesn't happens.

Note that other test works fine (If I put in force auth same ports I go to 
production network an so on)


Someone got ideas?




--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: radius rejected.

[Alessandro Canella via PacketFence-users]

Hello Fabrice,

test are made with local radtest (I've switch configured and...unaccessible... 
and a Windows Radius test tool too) as I seen from log.

(2) Thu Jul 13 15:27:49 2017: Debug:   EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug:  --> 127.0.0.1


Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 14 luglio 2017 02.29
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] radius rejected.


Hello Alessandro,

does the request is coming from a switch ?

It miss the Calling-Station-Id attribute.

Regards

Fabrice



Le 2017-07-13 à 13:01, Alessandro Canella via PacketFence-users a écrit :
Hello,

I'm using ZEN, latest download from site. I do not plan to join AD/LDAP but 
only to use local users.

I've created local users in RADDB but according to precedent posts in mailing 
lists I've deleted it and planned to use only "person" in web interface.

Plaintext password are enabled in advanced config and I've added 
"packetfence-local-auth" both in /usr/local/pf/conf/radiusd/packetfence-tunnel 
and in in authorize section just after
packetfence-eap-mac-policy in conf/radiusd/packetfence

but debug still shows logs attached below...

thanks in advance...


(2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72 from 
127.0.0.   1:43886 to 
127.0.0.1:18120 length 73
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Password = "pale"
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-IP-Address = 153.47.30.99
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-Port = 12
(2) Thu Jul 13 15:27:49 2017: Debug:   Message-Authenticator = 
0x952a6bbbaa25fb2   
f8c80772d743956be
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize from file 
/us   
r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug:   authorize {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug:   EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug:  --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug:   EXPAND %l
(2) Thu Jul 13 15:27:49 2017: Debug:  --> 1499959669
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_calling_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug:   if ( && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug:   if ( && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:   else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:   } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_calling_station_id 
=noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_called_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug:   if (() && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug:   if (() && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))  
-   > FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:   else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:   } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_called_station_id = 
   noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy filter_username {
(2) Thu Jul 13 15:27:49 2017: Debug:   if () {
(2) Thu Jul 13 15:27:49 2017: Debug:   if ()  -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:   if ()  {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ / /) {
(2) Thu Jul 1

[PacketFence-users] R: DLINK DGS3100

[Alessandro Canella via PacketFence-users]

Thanks Fabrice,

I've another issues to solve before : hope to test it Monday.

Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: giovedì 13 luglio 2017 02.25
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] DLINK DGS3100


Hello Alessandro,

your issue happen when packetfence try to deauth.

Can you check in pfqueue.log for deauth issue ?

Regards

Fabrice



Le 2017-07-12 à 04:05, Alessandro Canella via PacketFence-users a écrit :
Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in OOB 
scenario.

I've got some trouble to find correct syntax : registration VLAN is Ok, auth on 
captive works fine, but at least, redirect on correct VLAN doesn't happens.

Note that other test works fine (If I put in force auth same ports I go to 
production network an so on)


Someone got ideas?




--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] radius rejected.

[Alessandro Canella via PacketFence-users]

Hello,

I'm using ZEN, latest download from site. I do not plan to join AD/LDAP but 
only to use local users.

I've created local users in RADDB but according to precedent posts in mailing 
lists I've deleted it and planned to use only "person" in web interface.

Plaintext password are enabled in advanced config and I've added 
"packetfence-local-auth" both in /usr/local/pf/conf/radiusd/packetfence-tunnel 
and in in authorize section just after
packetfence-eap-mac-policy in conf/radiusd/packetfence

but debug still shows logs attached below...

thanks in advance...


(2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72 from 
127.0.0.   1:43886 to 
127.0.0.1:18120 length 73
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Password = "pale"
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-IP-Address = 153.47.30.99
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-Port = 12
(2) Thu Jul 13 15:27:49 2017: Debug:   Message-Authenticator = 
0x952a6bbbaa25fb2   
f8c80772d743956be
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize from file 
/us   
r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug:   authorize {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug:   EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug:  --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug:   EXPAND %l
(2) Thu Jul 13 15:27:49 2017: Debug:  --> 1499959669
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_calling_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug:   if ( && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug:   if ( && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:   else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:   } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_calling_station_id 
=noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_called_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug:   if (() && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug:   if (() && 
(   Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9  
 
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))  
-   > FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:   else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:   } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_called_station_id = 
   noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy filter_username {
(2) Thu Jul 13 15:27:49 2017: Debug:   if () {
(2) Thu Jul 13 15:27:49 2017: Debug:   if ()  -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:   if ()  {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ / /) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ / /)  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ /@[^@]*@/ ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ /@[^@]*@/ )  -> 
F   ALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ /\.\./ ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ /\.\./ )  -> 
FALS   E
(2) Thu Jul 13 15:27:49 2017: Debug: if (( =~ /@/) && 
(   ame !~ 
/@(.+)\.(.+)$/))  {
(2) Thu Jul 13 15:27:49 2017: Debug: if (( =~ /@/) && 
(   ame !~ 
/@(.+)\.(.+)$/))   -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if ( =~ /\.$/)  {
(2) Thu Jul 13 

[PacketFence-users] DLINK DGS3100

[Alessandro Canella via PacketFence-users]

Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in OOB 
scenario.

I've got some trouble to find correct syntax : registration VLAN is Ok, auth on 
captive works fine, but at least, redirect on correct VLAN doesn't happens.

Note that other test works fine (If I put in force auth same ports I go to 
production network an so on)


Someone got ideas?
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users