[PacketFence-users] Multiple tagged VLANs

2016-09-05 Thread Jan Patrick perisse 
Is it possible to provision a port (hybrid or trunk) with multiple tagged VLANs 
and an untagged VLAN using packetfence?
An example would be to provision an Access Point maps each SSID to a VLAN.
Another would be to provision a phone and host on the same port.

Thank you.



--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Index for callingstationid

2016-08-18 Thread Jan-Patrick Perisse 
In PF ZEN V6.1.1.
It was taking 42 seconds for the mysql query that shows nodes to complete.
I added an index for radacct.callingstationid and it went down to less than 1 
sec.

JAN-PATRICK PERISSE
Diretor Tecnico
www.aeon.com.br <http://www.aeon.com.br/>   +55 (021) 99865-1490
+55 (021) 2705-3139

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Authentication from from different domains / sources

2016-07-11 Thread Jan Patrick perisse 
Good afternoon, 
I have packet fence 6 installed and working.
But I need to authenticate machines and users for 2 different AD domains.
So, I have under domains:
DOMa and DOMb
And under sources:
DOMa_Machines
DOMa_Users
DOMb_Machines
DOMb_Users
And in Realms:
DOMa
Domain DOMa
Source DOMa_Machines

and so on.

The problem is that Radius is only trying to authenticate the username or 
machine name through DOMa_Machines and not DOMa_Users.

How can I solve this problem?
Thank you.



--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] online/offline users not updating

2016-05-25 Thread Jan-Patrick Perisse 
Hello. What do I have to config so that the online/offline users update?
I have everything setup with RADIUS and AFAIK it should be based on acct-start 
and acct-stop, right?
Please help me on that.




JAN-PATRICK PÉRISSÉ
Diretor técnico
www.aeon.com.br    +55 21 2705-3139



--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.11x autoregister

2016-05-25 Thread Jan-Patrick Perisse 
I eventually made it work. I was restarting httpd.aaa but it doesn’t reload the 
rules.
Now I restart by bin/pfcmd configreload. Is there a better way?

> On 25 de mai de 2016, at 9:25 AM, Fabrice Durand <fdur...@inverse.ca> wrote:
> 
> Hello Jan-Patrick,
> 
> do you have the log when you receive the radius request ?
> 
> Regards
> Fabrice
> 
> Le 2016-05-24 12:29, Jan-Patrick Perisse a écrit :
>> Hello people, 
>> I have ZEN 6.0.1 installed and I am currently testing.
>> I don’t want people on the network to get to the portal for registration. 
>> So, I have setup a config to auto register anyone that can authenticate on 
>> AD. Besides that, I will setup printers and other devices to auto register 
>> via MAC.
>> My setup is working properly for wired workstation (although they 
>> re-authenticate every minute and I can’t get rid of it).
>> But for wireless, I have WPA2 Enterprise on unifi and PF doesn’t seem to 
>> apply the rule.
>> Thank you.
>> 
>> [etherneteap]
>> filter = connection_type
>> operator = is
>> value = Ethernet-EAP
>> 
>> [reg:etherneteap]
>> scope = AutoRegister
>> role = default
>> 
>> [wetherneteap]
>> filter = connection_type
>> operator = is
>> value = Wireless-802.11-EAP
>> 
>> [reg:wetherneteap]
>> scope = AutoRegister
>> role = default
>> 
>> You can see it’s the same rule but LOG says:
>> For wireless
>> May 24 12:21:36 httpd.aaa(14492) DEBUG: [mac:c0:f2:fb:b4:d7:04] 
>> instantiating new pf::access_filter::vlan (pf::access_filter::new)
>> May 24 12:21:36 httpd.aaa(14492) DEBUG: [mac:c0:f2:fb:b4:d7:04] No rule 
>> matched for scope AutoRegister (pf::access_filter::test)
>> 
>> For wired
>> May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] 
>> instantiating new pf::access_filter::vlan (pf::access_filter::new)
>> May 24 12:24:54 httpd.aaa(14492) INFO: [mac:e8:40:f2:3a:b1:77] Match rule 
>> reg:etherneteap (pf::access_filter::test)
>> May 24 12:24:54 httpd.aaa(14492) INFO: [mac:e8:40:f2:3a:b1:77] Instantiate 
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] 
>> instantiating new pf::Portal::Profile object (pf::Portal::Profile::new)
>> May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] 
>> instantiating new pf::access_filter::vlan (pf::access_filter::new)
>> May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] No engine 
>> found for NodeInfoForAutoReg (pf::access_filter::test)
>> 
>> 
>> 
>> 
>> JAN-PATRICK PÉRISSÉ
>> Diretor técnico
>> www.aeon.com.br <http://www.aeon.com.br/>+55 21 2705-3139
>> 
>> 
>> 
>> 
>> 
>> --
>> Mobile security can be enabling, not merely restricting. Employees who
>> bring their own devices (BYOD) to work are irked by the imposition of MDM
>> restrictions. Mobile Device Manager Plus allows you to control only the
>> apps on BYO-devices by containerizing them, leaving personal data untouched!
>> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j 
>> <https://ad.doubleclick.net/ddm/clk/304595813;131938128;j>
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> <mailto:PacketFence-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
> 
> -- 
> Fabrice Durand
> fdur...@inverse.ca <mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
> www.inverse.ca <http://www.inverse.ca/>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org 
> <http://packetfence.org/>) 
> --
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users




JAN-PATRICK PÉRISSÉ
Diretor técn

[PacketFence-users] 802.11x autoregister

2016-05-24 Thread Jan-Patrick Perisse 
Hello people, 
I have ZEN 6.0.1 installed and I am currently testing.
I don’t want people on the network to get to the portal for registration. So, I 
have setup a config to auto register anyone that can authenticate on AD. 
Besides that, I will setup printers and other devices to auto register via MAC.
My setup is working properly for wired workstation (although they 
re-authenticate every minute and I can’t get rid of it).
But for wireless, I have WPA2 Enterprise on unifi and PF doesn’t seem to apply 
the rule.
Thank you.

[etherneteap]
filter = connection_type
operator = is
value = Ethernet-EAP

[reg:etherneteap]
scope = AutoRegister
role = default

[wetherneteap]
filter = connection_type
operator = is
value = Wireless-802.11-EAP

[reg:wetherneteap]
scope = AutoRegister
role = default

You can see it’s the same rule but LOG says:
For wireless
May 24 12:21:36 httpd.aaa(14492) DEBUG: [mac:c0:f2:fb:b4:d7:04] instantiating 
new pf::access_filter::vlan (pf::access_filter::new)
May 24 12:21:36 httpd.aaa(14492) DEBUG: [mac:c0:f2:fb:b4:d7:04] No rule matched 
for scope AutoRegister (pf::access_filter::test)

For wired
May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] instantiating 
new pf::access_filter::vlan (pf::access_filter::new)
May 24 12:24:54 httpd.aaa(14492) INFO: [mac:e8:40:f2:3a:b1:77] Match rule 
reg:etherneteap (pf::access_filter::test)
May 24 12:24:54 httpd.aaa(14492) INFO: [mac:e8:40:f2:3a:b1:77] Instantiate 
profile default (pf::Portal::ProfileFactory::_from_profile)
May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] instantiating 
new pf::Portal::Profile object (pf::Portal::Profile::new)
May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] instantiating 
new pf::access_filter::vlan (pf::access_filter::new)
May 24 12:24:54 httpd.aaa(14492) DEBUG: [mac:e8:40:f2:3a:b1:77] No engine found 
for NodeInfoForAutoReg (pf::access_filter::test)




JAN-PATRICK PÉRISSÉ
Diretor técnico
www.aeon.com.br    +55 21 2705-3139



--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users