Re: [PacketFence-users] Problem getting Radius MacAuth to work.

[Morgan, Darren via PacketFence-users]

Hi Martin,
We use those switches and I think it could be a problem with the port config.  
Here's ours;

interface GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 60 untagged
port hybrid pvid vlan 60
mac-vlan enable
broadcast-suppression pps 3000
stp edged-port
lldp compliance admin-status cdp txrx
poe enable
undo dot1x handshake
dot1x mandatory-domain packetfence
dot1x max-user 3
undo dot1x multicast-trigger
dot1x re-authenticate
dot1x guest-vlan 60
mac-authentication guest-vlan 60
port-security max-mac-count 3
port-security port-mode mac-else-userlogin-secure
loopback-detection enable vlan 1 to 4094
 loopback-detection action shutdown
dhcp snooping information enable

Our VLAN 60 is the registration VLAN and it looks like your VLAN 200 is your 
guest VLAN - Try changing it to your registration VLAN (10)

Hope this helps.

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
ü Please consider the environment before printing this e-mail



From: Schenkelberg, Martin via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: 25 January 2018 10:41
To: 'PacketFence-users@lists.sourceforge.net' 

Cc: Schenkelberg, Martin 
Subject: [PacketFence-users] Problem getting Radius MacAuth to work.

Hello all, i hope you can give me a hint of what im doing wrong.

We are evaluating to use PacketFence 7.3.0 Zen to authenticate users connecting 
to our lan and wifi infrastructure and to assign them the right vlans. (Guest / 
Productive )

For Wifi we use a Cisco Wlc and everything works fine.

For LAN Access we use different HP / ARUBA Switches.

One Switch (Aruba 2530-24g) Works fine with SNMP (Link Up Down) unknown users 
will be redirected to the portal and after login the right vlan is assigned tot 
he switch port.

Now i try to do the same with a HP 5130 Series Switch which is a rebranded H3C 
Switch using Comware OS.

I followed the  H3C section of the Network Device Configuration Guide to 
configure my Switch but i´m not able to get it to work.

If i plug in Network Device i receive the following log Messages:

Switch Console:
%Jan 25 11:23:33:305 2018 Testswitch MACA/6/MACA_LOGIN_FAILURE: 
-IfName=GigabitEthernet1/0/1-MACAddr=98e7-f48e-3c2f-VLANId=200-UserName=98e7f48e3c2f-UserNameFormat=MAC
 address; The user failed the MAC address authentication.

Packetfence.log:
PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(3450) INFO: [mac:[undef]] User 
98e7f48e3c2f tried to login in 172.20.14.66 but authentication failed 
(pf::radius::switch_access)


Radius.log:
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: rlm_rest (rest): Closing 
connection (320): Hit idle_timeout, was idle for 68 seconds
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: (316) rest: ERROR: Server returned:
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: (316) rest: ERROR: 
{"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication
 failed on PacketFence"}
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: Need 4 more connections to reach 
10 spares
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: rlm_rest (rest): Opening 
additional connection (324), 1 of 58 pending slots used
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: rlm_sql (sql): Closing connection 
(322): Hit idle_timeout, was idle for 68 seconds
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: Need 4 more connections to reach 
10 spares
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: rlm_sql (sql): Opening additional 
connection (326), 1 of 58 pending slots used
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: [mac:98-E7-F4-8E-3C-2F] Rejected 
user: 98e7f48e3c2f
Jan 25 10:26:18 PacketFence-ZEN auth[23436]: (316) Rejected in post-auth: 
[98e7f48e3c2f] (from client 172.20.14.66 port 16781512 cli 98-E7-F4-8E-3C-2F)


Radius Debug Log: (There is an Error 500 inside regarding REST)

[root@PacketFence-ZEN radius]# raddebug -f /usr/local/pf/var/run/radiusd.sock 
-t 300
(76) Thu Jan 25 08:28:15 2018: Debug: Received Access-Request Id 160 from 
172.20.14.66:39936 to 
172.20.1.230:1812 length 166
(76) Thu Jan 25 08:28:15 2018: Debug:   User-Name = "98e7f48e3c2f"
(76) Thu Jan 25 08:28:15 2018: Debug:   User-Password = "98e7f48e3c2f"
(76) Thu Jan 25 08:28:15 2018: Debug:   Service-Type = Call-Check
(76) Thu Jan 25 08:28:15 2018: Debug:   NAS-Identifier = "Testswitch"
(76) Thu Jan 25 08:28:15 2018: Debug:   NAS-Port = 16781512
(76) Thu Jan 25 08:28:15 2018: Debug:   NAS-Port-Type = Ethernet
(76) Thu Jan 25 08:28:15 2018: Debug:   Calling-Station-Id = "98-E7-F4-8E-3C-2F"
(76) Thu Jan 25 08:28:15 2018: Debug:   Called-Station-Id = "5C-8A-38-D8-B7-45"
(76) Thu Jan 25 08:28:15 2018: Debug:   NAS-Port-Id = 
"slot=1;subslot=0;port=1;vlanid=200"
(76) Thu Jan 25 08:28:15 2018: Debug:   NAS-IP-Address = 172.20.14.66
(76) Thu Jan 25 08:28:15 2018: Debug: # Executing section authorize from file 

Re: [PacketFence-users] PacketFence PKI

[Morgan, Darren]

Hi Antonie,
That's sorted it - Many thanks!
Regards
Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 25 November 2016 17:56
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PacketFence PKI


Morgan,

can you try to remove the sapce after the coma in the ennablerepo option?

yum install packetfence-pki --enablerepo=packetfence,packetfence-extra

Let us know if that works.

I installed the PKI on a fresh centos6 install without any issue.

thanks

On 11/25/2016 12:13 PM, Morgan, Darren wrote:
Hi Antonie,

Details below;

[root@localhost ~]# rpm -qa | grep django
python-django-1.6.11-10.3.noarch
python-django-bash-completion-1.6.11-10.3.noarch
python-django-tagging-0.3.1-7.el6.noarch

Kind regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 25 November 2016 16:55
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PacketFence PKI


Hello Morgan,

Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)

That should be 9393 and 9191, will be corrected.

The PacketFence PKI should still be supported and working.

It seems you have issue with django dependencies could you do "rpm -qa | grep 
django".

I will try to setup one PKI quick and let you know.

Thanks

On 11/25/2016 11:45 AM, Morgan, Darren wrote:
Hi,

I'm still having major issues getting the PKI to install using the instructions 
provided (PacketFence_PKI_Quick_Install_Guide.pdf )  I'm using a fresh install 
of PacketFence 6.4.0 ZEN running on VMWare VSphere 6 Hypervisor (Given it 24GB 
RAM, 4 virtual sockets, with 2 cores each, and 200GB drive)

I've set up the system to link with our AD and is registered in our Domain.  
Checked with a laptop plugged in to an HP Procurve 2520G-8-PoE switch and end 
users can connect fine.  Even have Firewall SSO setup with iBoss which works 
buaetifully)

The problem I have is when I go through the PKI install guide;

Prepare to install with PacketFence
Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)
Restarted the iptables service

CentOS/RHEL
(Assuming I use the CentOS instructions as I'm using ZEN)
Tried the commands for this step and get the following errors;

[root@localhost ~]# yum localinstall 
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-release-1-2.centos6.noarch.rpm
Loaded plugins: fastestmirror
Setting up Local Package Process
packetfence-release-1-2.centos6.noarch.rpm  

  | 2.8 kB 00:00
Examining /var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
packetfence-release-1-2.centos6.noarch
/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: does not 
update installed package.
Nothing to do
[root@localhost ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.cov.ukservers.com
* extras: mirrors.ukfast.co.uk
* updates: mirror.cov.ukservers.com
base

  | 3.7 kB 00:00
base/primary_db 

  | 4.7 MB 00:01
extras  

  | 3.4 kB 00:00
extras/primary_db   

  |  37 kB 00:00
mariadb 

  | 2.9 kB 00:00
mariadb/primary_db  

  |  22 kB 00:00
p

Re: [PacketFence-users] PacketFence PKI

[Morgan, Darren]

Hi Antonie,

Details below;

[root@localhost ~]# rpm -qa | grep django
python-django-1.6.11-10.3.noarch
python-django-bash-completion-1.6.11-10.3.noarch
python-django-tagging-0.3.1-7.el6.noarch

Kind regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 25 November 2016 16:55
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PacketFence PKI


Hello Morgan,

Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)

That should be 9393 and 9191, will be corrected.

The PacketFence PKI should still be supported and working.

It seems you have issue with django dependencies could you do "rpm -qa | grep 
django".

I will try to setup one PKI quick and let you know.

Thanks

On 11/25/2016 11:45 AM, Morgan, Darren wrote:
Hi,

I'm still having major issues getting the PKI to install using the instructions 
provided (PacketFence_PKI_Quick_Install_Guide.pdf )  I'm using a fresh install 
of PacketFence 6.4.0 ZEN running on VMWare VSphere 6 Hypervisor (Given it 24GB 
RAM, 4 virtual sockets, with 2 cores each, and 200GB drive)

I've set up the system to link with our AD and is registered in our Domain.  
Checked with a laptop plugged in to an HP Procurve 2520G-8-PoE switch and end 
users can connect fine.  Even have Firewall SSO setup with iBoss which works 
buaetifully)

The problem I have is when I go through the PKI install guide;

Prepare to install with PacketFence
Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)
Restarted the iptables service

CentOS/RHEL
(Assuming I use the CentOS instructions as I'm using ZEN)
Tried the commands for this step and get the following errors;

[root@localhost ~]# yum localinstall 
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-release-1-2.centos6.noarch.rpm
Loaded plugins: fastestmirror
Setting up Local Package Process
packetfence-release-1-2.centos6.noarch.rpm  

  | 2.8 kB 00:00
Examining /var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
packetfence-release-1-2.centos6.noarch
/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: does not 
update installed package.
Nothing to do
[root@localhost ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.cov.ukservers.com
* extras: mirrors.ukfast.co.uk
* updates: mirror.cov.ukservers.com
base

  | 3.7 kB 00:00
base/primary_db 

  | 4.7 MB 00:01
extras  

  | 3.4 kB 00:00
extras/primary_db   

  |  37 kB 00:00
mariadb 

  | 2.9 kB 00:00
mariadb/primary_db  

  |  22 kB 00:00
packetfence-extra   

  |  951 B 00:00
packetfence-extra/primary   

  |  74 kB 00:00
packetf

[PacketFence-users] PacketFence PKI

[Morgan, Darren]

Hi,

I'm still having major issues getting the PKI to install using the instructions 
provided (PacketFence_PKI_Quick_Install_Guide.pdf )  I'm using a fresh install 
of PacketFence 6.4.0 ZEN running on VMWare VSphere 6 Hypervisor (Given it 24GB 
RAM, 4 virtual sockets, with 2 cores each, and 200GB drive)

I've set up the system to link with our AD and is registered in our Domain.  
Checked with a laptop plugged in to an HP Procurve 2520G-8-PoE switch and end 
users can connect fine.  Even have Firewall SSO setup with iBoss which works 
buaetifully)

The problem I have is when I go through the PKI install guide;

Prepare to install with PacketFence
Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)
Restarted the iptables service

CentOS/RHEL
(Assuming I use the CentOS instructions as I'm using ZEN)
Tried the commands for this step and get the following errors;

[root@localhost ~]# yum localinstall 
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-release-1-2.centos6.noarch.rpm
Loaded plugins: fastestmirror
Setting up Local Package Process
packetfence-release-1-2.centos6.noarch.rpm  

  | 2.8 kB 00:00
Examining /var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
packetfence-release-1-2.centos6.noarch
/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: does not 
update installed package.
Nothing to do
[root@localhost ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.cov.ukservers.com
* extras: mirrors.ukfast.co.uk
* updates: mirror.cov.ukservers.com
base

  | 3.7 kB 00:00
base/primary_db 

  | 4.7 MB 00:01
extras  

  | 3.4 kB 00:00
extras/primary_db   

  |  37 kB 00:00
mariadb 

  | 2.9 kB 00:00
mariadb/primary_db  

  |  22 kB 00:00
packetfence-extra   

  |  951 B 00:00
packetfence-extra/primary   

  |  74 kB 00:00
packetfence-extra   

 255/255
updates 

  | 3.4 kB 00:00
updates/primary_db  

  | 3.7 MB 00:01
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 

Re: [PacketFence-users] PKI Install guide

[Morgan, Darren]

Hi,

I've been struggling with this for a while now.  I came back from annual leave 
and couldn't get the PKI to work so reverted back to a snapshot of the PF ZEN 
server I had before I started installing the PKI.  Now when I run the command I 
cannot install the packetfence-pki at all.  Any pointers from anyone?

Output from the installation commands below;

[root@OS-PF ~]# rpm -e python-django --nodeps
error: package python-django is not installed
[root@OS-PF ~]# yum install packetfence-pki --enablerepo=packetfence-extra
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.bytemark.co.uk
* extras: mirror.bytemark.co.uk
* updates: mirror.bytemark.co.uk
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-ldap for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
---> Package python-ldap.x86_64 0:2.3.10-1.el6 will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: django-countries
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-rest-framework
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-pyasn1-modules >= 0.1.7
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-bootstrap3
You could try using --skip-broken to work around the problem
** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
graphite-web-0.9.12-25.2.noarch has missing requires of python-django >= ('0', 
'1.3', None)
packetfence-6.3.0-1.el6.noarch has missing requires of python-django
python-django-tagging-0.3.1-7.el6.noarch has missing requires of Django


Regards

Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 16:38
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI Install guide

Hi,

Here are the results of the commands.  I've set the iptables.conf and rebooted 
before I raised an issue., and yes - I'm connecting on https

[root@OS-PF ~]# netstat -nlp| grep 9393
tcp0  0 :::9393 :::*
LISTEN  2969/httpd
[root@OS-PF ~]# iptables -L|grep 9393
ACCEPT tcp  --  anywhere anywheretcp dpt:9393
[root@OS-PF ~]# service packetfence-pki status
packetfence-pki (pid 2969) is running


Just off on hols so will pick this up again when I'm back in a week's time.

Regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 16:07
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide


Is the PKI listening on port 9393?

netstat -nlp | grep 9393

Are you trying to access it in https?

There is a rules to uncomment on conf/iptables.conf, what do you get if you do:

iptables -L | grep 9393

Thanks
On 10/21/2016 11:01 AM, Morgan, Darren wrote:
OK
This seems to be like wading through treacle!  I don't remember having these 
problems when set this up in PF 5.4.
I've now have PKI installed and checked that it is running, but when I try to 
access the URL I get 'Internal Server Error'  does anyone have any ideas what I 
should check now?
Regards
Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 15:31
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide

Many thanks,

That worked.

Darren

Fro

Re: [PacketFence-users] PKI Install guide

[Morgan, Darren]

Hi,

Here are the results of the commands.  I've set the iptables.conf and rebooted 
before I raised an issue., and yes - I'm connecting on https

[root@OS-PF ~]# netstat -nlp| grep 9393
tcp0  0 :::9393 :::*
LISTEN  2969/httpd
[root@OS-PF ~]# iptables -L|grep 9393
ACCEPT tcp  --  anywhere anywheretcp dpt:9393
[root@OS-PF ~]# service packetfence-pki status
packetfence-pki (pid 2969) is running


Just off on hols so will pick this up again when I'm back in a week's time.

Regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 16:07
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI Install guide


Is the PKI listening on port 9393?

netstat -nlp | grep 9393

Are you trying to access it in https?

There is a rules to uncomment on conf/iptables.conf, what do you get if you do:

iptables -L | grep 9393

Thanks
On 10/21/2016 11:01 AM, Morgan, Darren wrote:
OK
This seems to be like wading through treacle!  I don't remember having these 
problems when set this up in PF 5.4.
I've now have PKI installed and checked that it is running, but when I try to 
access the URL I get 'Internal Server Error'  does anyone have any ideas what I 
should check now?
Regards
Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 15:31
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide

Many thanks,

That worked.

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 15:07
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide


Morgan,

try the following:

rpm -e python-django --nodeps

yum install packetfence-pki --enablerepo=packetfence-extra

Let us know if that help

Thanks

On 10/21/2016 09:59 AM, Morgan, Darren wrote:
Hi Antoine,

I've tried installing the PKI, but come up with some errors (Listed below)  Any 
ideas?  I've checked and the latest verion of Python-Django is installed (yum 
info python-django run output at end of email)

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~

[root@OS-PF ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-ldap for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
---> Package python-ldap.x86_64 0:2.3.10-1.el6 will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: django-countries
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-rest-framework
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-pyasn1-modules >= 0.1.7
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-bootstrap3
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles -nodigest

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


[root@OS-PF ~]# yum info python-django
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Installed Packages
Name: python-django
Arch: noarch
Version : 1.6.11
Release : 10.3
Size: 15 M
Repo: installe

Re: [PacketFence-users] PKI Install guide

[Morgan, Darren]

OK
This seems to be like wading through treacle!  I don't remember having these 
problems when set this up in PF 5.4.
I've now have PKI installed and checked that it is running, but when I try to 
access the URL I get 'Internal Server Error'  does anyone have any ideas what I 
should check now?
Regards
Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 15:31
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI Install guide

Many thanks,

That worked.

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 15:07
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide


Morgan,

try the following:

rpm -e python-django --nodeps

yum install packetfence-pki --enablerepo=packetfence-extra

Let us know if that help

Thanks

On 10/21/2016 09:59 AM, Morgan, Darren wrote:
Hi Antoine,

I've tried installing the PKI, but come up with some errors (Listed below)  Any 
ideas?  I've checked and the latest verion of Python-Django is installed (yum 
info python-django run output at end of email)

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~

[root@OS-PF ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-ldap for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
---> Package python-ldap.x86_64 0:2.3.10-1.el6 will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: django-countries
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-rest-framework
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-pyasn1-modules >= 0.1.7
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-bootstrap3
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles -nodigest

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


[root@OS-PF ~]# yum info python-django
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Installed Packages
Name: python-django
Arch: noarch
Version : 1.6.11
Release : 10.3
Size: 15 M
Repo: installed
>From repo   : packetfence
Summary : A high-level Python Web framework
URL : http://www.djangoproject.com/
License : BSD
Description : Django is a high-level Python Web framework that encourages rapid
: development and a clean, pragmatic design. It focuses on 
automating as
: much as possible and adhering to the DRY (Don't Repeat Yourself)
: principle.


~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


Regards

Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 14:36
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide

Thanks Antoine,

Regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 14:17
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide

Re: [PacketFence-users] PKI Install guide

[Morgan, Darren]

Many thanks,

That worked.

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 15:07
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI Install guide


Morgan,

try the following:

rpm -e python-django --nodeps

yum install packetfence-pki --enablerepo=packetfence-extra

Let us know if that help

Thanks

On 10/21/2016 09:59 AM, Morgan, Darren wrote:
Hi Antoine,

I've tried installing the PKI, but come up with some errors (Listed below)  Any 
ideas?  I've checked and the latest verion of Python-Django is installed (yum 
info python-django run output at end of email)

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~

[root@OS-PF ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-ldap for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
---> Package python-ldap.x86_64 0:2.3.10-1.el6 will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: django-countries
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-rest-framework
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-pyasn1-modules >= 0.1.7
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-bootstrap3
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles -nodigest

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


[root@OS-PF ~]# yum info python-django
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Installed Packages
Name: python-django
Arch: noarch
Version : 1.6.11
Release : 10.3
Size: 15 M
Repo: installed
>From repo   : packetfence
Summary : A high-level Python Web framework
URL : http://www.djangoproject.com/
License : BSD
Description : Django is a high-level Python Web framework that encourages rapid
: development and a clean, pragmatic design. It focuses on 
automating as
: much as possible and adhering to the DRY (Don't Repeat Yourself)
: principle.


~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


Regards

Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 14:36
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide

Thanks Antoine,

Regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 14:17
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide


Hello Morgan,

The guide is available here: 
https://packetfence.org/doc/PacketFence_PKI_Quick_Install_Guide.html

Thank you

On 10/21/2016 04:31 AM, Morgan, Darren wrote:
Hi,
Apologies if this has been answered before but I'm trying to find the latest 
PKI install guide for PF 6.3.0.  I want to install it on the same server as we 
have PF ZEN 6.3.0 running at the minute.
Regards

Darren Morgan
Systems Manager
Oundle School
ü Please consider the environment before printing this e-mail




This email is sent from either Oundle School or Laxton Junior School for The 
Corp

Re: [PacketFence-users] PKI Install guide

[Morgan, Darren]

Hi Antoine,

I've tried installing the PKI, but come up with some errors (Listed below)  Any 
ideas?  I've checked and the latest verion of Python-Django is installed (yum 
info python-django run output at end of email)

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~

[root@OS-PF ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-ldap for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch
---> Package python-ldap.x86_64 0:2.3.10-1.el6 will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: django-countries
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-rest-framework
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-pyasn1-modules >= 0.1.7
Error: Package: packetfence-pki-1.0.4-1.el6.noarch (packetfence-extra)
   Requires: python-django-bootstrap3
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles -nodigest

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


[root@OS-PF ~]# yum info python-django
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.ukfast.co.uk
* extras: mirrors.coreix.net
* updates: mirrors.ukfast.co.uk
Installed Packages
Name: python-django
Arch: noarch
Version : 1.6.11
Release : 10.3
Size: 15 M
Repo: installed
>From repo   : packetfence
Summary : A high-level Python Web framework
URL : http://www.djangoproject.com/
License : BSD
Description : Django is a high-level Python Web framework that encourages rapid
: development and a clean, pragmatic design. It focuses on 
automating as
: much as possible and adhering to the DRY (Don't Repeat Yourself)
: principle.


~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~


Regards

Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 21 October 2016 14:36
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI Install guide

Thanks Antoine,

Regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 14:17
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] PKI Install guide


Hello Morgan,

The guide is available here: 
https://packetfence.org/doc/PacketFence_PKI_Quick_Install_Guide.html

Thank you

On 10/21/2016 04:31 AM, Morgan, Darren wrote:
Hi,
Apologies if this has been answered before but I'm trying to find the latest 
PKI install guide for PF 6.3.0.  I want to install it on the same server as we 
have PF ZEN 6.3.0 running at the minute.
Regards

Darren Morgan
Systems Manager
Oundle School
ü Please consider the environment before printing this e-mail




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk<http://www.oundleschool.org.uk>





Scanned by iCritical.





--

Check out the vibrant tech community on one of the worl

Re: [PacketFence-users] PKI Install guide

[Morgan, Darren]

Thanks Antoine,

Regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 21 October 2016 14:17
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI Install guide


Hello Morgan,

The guide is available here: 
https://packetfence.org/doc/PacketFence_PKI_Quick_Install_Guide.html

Thank you

On 10/21/2016 04:31 AM, Morgan, Darren wrote:
Hi,
Apologies if this has been answered before but I'm trying to find the latest 
PKI install guide for PF 6.3.0.  I want to install it on the same server as we 
have PF ZEN 6.3.0 running at the minute.
Regards

Darren Morgan
Systems Manager
Oundle School
ü Please consider the environment before printing this e-mail




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk<http://www.oundleschool.org.uk>





Scanned by iCritical.






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, SlashDot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Antoine Amacher

aamac...@inverse.ca<mailto:aamac...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>

+1.514.447.4918 x130  :: +1 (866) 353-6153 x130

Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PKI Install guide

[Morgan, Darren]

Hi,
Apologies if this has been answered before but I'm trying to find the latest 
PKI install guide for PF 6.3.0.  I want to install it on the same server as we 
have PF ZEN 6.3.0 running at the minute.
Regards

Darren Morgan
Systems Manager
Oundle School
ü Please consider the environment before printing this e-mail


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sponsor guest access issue

[Morgan, Darren]

Hi Derek,

Many thanks for getting back to me.  I’ve investigated further this morning and 
saw that the sponsor was in 2 sources but only 1 was marked as sponsor, so when 
the process iterated through the available sources it matched on the one that 
wasn’t marked as sponsor.  Soon fixed that!  Now I get a different error 
message;

[mac:b8:ca:3a:85:ce:ce] Caught exception in 
captiveportal::Controller::Activate::Email->doSponsorRegistration "SMTP 
recipient() command failed:
5.7.1 Unable to relay
" (captiveportal::PacketFence::Controller::Root::end)


Which I assume is to do with security on our email server.

As ever – Many thanks for the help.

Regards

Darren




From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca]
Sent: 14 October 2016 18:05
To: ML PF <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Sponsor guest access issue

Daren,

Can you send the log file ?
Looks like there may be a problem with matching the provided sponsor… (error 
message displayed on the portal seems incomplete...)

Cheers!
-dw.

—
Derek Wuelfrath
de...@inverse.ca<mailto:de...@inverse.ca>

On Oct 14, 2016, at 04:22, Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

I now no longer get the error, but when we try to authorise the guest with any 
of the users from the Sponsors group we get the message that they do not have 
permission.  As you can see from the previous .conf files I’ve marked the users 
in the Sponsers source as ‘sponsor=1’


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Can't join packetfence to domain for RADIUS

[Morgan, Darren]

Hi Alex,

I had similar issues when I started to use PacketFence.  I found the following 
helped;

Ensure that DNS servers are listed in /etc/resolv.conf
The correct HOSTNAME is listed in /etc/sysconfig/network and that you use only 
IP address in the AD server address
Check the /etc/hosts file to include the PacketFence server and the AD servers 
for your domain.
127.0.0.1 localhost localhost.localdomain localhost4 
localhost4.localdomain4
192.168.XXX.XXX packetfenceserver.domain.local packetfenceserver
192.168.XXX.XXX domaincontroller.domain.local domaincontroller

If you still have problems then make sure that the domain is in CAPS wherever 
you see it in the following 2 files;
/etc/samba/Oundle.conf
/etc/krb5.conf

And check that you have joined successfully by using;
Chroot /chroots/Domain wbinfo –u


I had problems using the radtest (radtest dd Abcd1234 localhost:18120 12 
testing123) as it kept coming back Reject, but I think that may be a false 
positive as when I tried logging users in to the system it all seems to work OK.

Hope this helps.

Regards

Darren

From: Alex Fishel [mailto:fishal...@gmail.com]
Sent: 14 October 2016 04:28
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Can't join packetfence to domain for RADIUS

Hello all,
I upgraded the server as suggested but it hasn't seemed to make a difference 
yet.  Is there a log file that could be examined to diagnose the problem?
Thanks!

--
Alex Fishel



This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sponsor guest access issue

[Morgan, Darren]

Thanks Derek,

I now no longer get the error, but when we try to authorise the guest with any 
of the users from the Sponsors group we get the message that they do not have 
permission.  As you can see from the previous .conf files I’ve marked the users 
in the Sponsers source as ‘sponsor=1’

Any ideas?

[Sponsors rule OS_Sponsors]
description=Users with sponsor level
class=administration
match=all
action0=mark_as_sponsor=1


[cid:image001.png@01D225FC.7AA70C40]

Regards

Darren
From: Derek Wuelfrath [mailto:de...@inverse.ca]
Sent: 13 October 2016 18:23
To: ML PF <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Sponsor guest access issue

Hello Daren,

Can you try to add the “sponsor” source to your portal profiles ?
You have the “Sponsors” which defines who is able to sponsor, but not the 
“sponsor” which activate the sponsor feature.

Sponsor ! (not mentionned enough ;))

Cheers!
-dw.

—
Derek Wuelfrath
de...@inverse.ca<mailto:de...@inverse.ca>

On Oct 13, 2016, at 11:59, Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~
profiles.conf
~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~

[default]
description=Default Profile
logo=/common/packetfence-white.png
redirecturl=http://www.google.co.uk<http://www.google.co.uk/>
always_use_redirecturl=disabled
locale=en_US
nbregpages=0
filter_match_style=any
block_interval=10m
sms_pin_retry_limit=0
sms_request_limit=0
login_attempt_limit=0
root_module=oundle_school_root_module
billing_tiers=
dot1x_recompute_role_from_portal=enabled
preregistration=disabled
autoregister=disabled
scans=
reuse_dot1x_credentials=0
sources=Sponsors,local,OS_Staff,OS_Pupils,IT_Dept
provisioners=

[RESMachines]
locale=
filter=connection_type:Ethernet-EAP
description=RESMachines from AD
sources=RESMachines,Sponsors

[NoRESMachines]
locale=
filter=connection_type:Ethernet-EAP
description=Domained PC's without RES
sources=NoRESMachines,Sponsors



This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Sending Security Onion alerts to PacketFence

[Morgan, Darren]

Hi,

We have SecurityOnion (using Suricata) and PacketFence working well on our 
network.  I'm currently trying to send the alerts from the Security Onion 
server to the PacketFence server.  I've followed the instructions within the 
Administration Guide (Chapter 13 - We're using PF version 5.7) But I can't seem 
to get the alerts to be shown in PacketFence.  Does anyone have any ideas where 
I can start trying to solve this issue?  I've changed the syslog-ng.conf on the 
SecurityOnion server to log to a file to prove it works (Every alert shows in 
the file) but when I set it to send to the PacketFence server nothing appears 
to happen. There seems to be an outgoing connection from the Security Onion 
server to our PacketFence server;

Output of netstat -peanut;

udp0  0 127.0.0.1:52444 127.0.0.1:514   ESTABLISHED 
98920594   1641/ossec-csyslogd
udp0  0 192.168.XXX.231:57654   192.168.XXX.232:514 ESTABLISHED 
0  130271548498/syslog-ng
udp0  0 0.0.0.0:514 0.0.0.0:*   
0  130271508498/syslog-ng

But I don't seem to get an equivalent connection on the PacketFence server side;

udp0  0 0.0.0.0:514 0.0.0.0:*   
0  699304 3167/rsyslogd

So I assume the port is just listening.

I've checked that on the PacketFence server I've modified the rsyslog.conf, and 
created the securityonion_ids.conf, and made sure the alerting pipe exists.  
Also configured a new syslog parser through the GUI and created alerts (In this 
case to alert on any P2P traffic, which Security Onion shows that we have 
approx. 150 incidents a day)

Does anyone have any pointers where I can start digging to solve this?

Many thanks

Darren Morgan
Systems Manager
Oundle School


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Frustrated by installation instructions

[Morgan, Darren]

Hi Patrick,

I initially thought the same until someone suggested running ZEN on vSphere, 
and we haven’t looked back since.  Currently using it for on-boarding of BYOD 
devices for up to 400 users, and hope to roll out over the summer for the whole 
campus.  Also just about to integrate with Security Onion for violations, and 
the hope is that it will move systems that have Malware / Issues to a 
remediation vlan for attention.  Initial results are very promising.

Regards

Darren Morgan

Systems Manager

From: Patrick Lashway [mailto:patrick.lash...@pcc.edu]
Sent: 01 May 2016 09:58
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Frustrated by installation instructions

Hello all, I've spent the majority of my weekend trying to just install PF, 
sadly, there are no viable instructions, to the point that if they had not 
recently launched a new edition I would have thought the project must be 
abandoned (which would be a real loss).
I followed the instructions in the manual to the T for CEntOS 6 and 7, Debian 7 
and 8, and Ubuntu 12.  All returned with unsatisfied dependencies, there are no 
working fixes anywhere on the net; in fact, there are several posts of people 
asking in these forums on how to fix that particular issue, none of them are 
answered.
I've also branched out, followed some tutorials from other places, didn't work. 
 Searched for some of the dependencies, and they seem to only exist for PF, but 
with no concrete location to wget from.  On that note, there are a number of 
broken links on the site that make it even more difficult to navigate that it 
already would be.
I want to use this, PF seems like it would be perfect for what I'm after, but 
the poor support and documentation makes it really, really hard to want to keep 
trying.  At this point I feel like I'm left with migrating the Zen to my bare 
metal.

This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence setup with Aerohive

[Morgan, Darren]

Hi Fabrice,
Many thanks for this link, unfortunately we are on an earlier AeroHive version 
so it doesn't apply to us.  I will go through all of the AeroHive documentation 
again and see if I can find anything that I missed.
Regards
Darren Morgan

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 16 January 2016 02:42
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PacketFence setup with Aerohive

Hi Morgan,

i just find that:
https://community.aerohive.com/aerohive/topics/vlan-assignment-through-radius-stopped-working-after-updating-ap121-to-hiveos-6-5r3-honolulu-2530

Regards
Fabrice

Le 2016-01-15 04:21, Morgan, Darren a écrit :
Hi Fabrice - Another update. I've amended the switch config but I still cannot 
get the device to move to VLAN 214.  Any ideas?

Jan 15 09:17:16 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz 
request: from switch_ip => (192.168.214.9), connection_type => 
Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:a8), mac => 
[60:57:18:94:4d:a0], port => 0, username => "605718944da0" 
(pf::radius::authorize)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9) 
Returning ACCEPT with Role: registration 
(pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with 
VLAN: 120 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:04 httpd.webservices(2022) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:04 httpd.webservices(2022) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Updating node user_agent with 
useragent: 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/47.0.2526.106 Safari/537.36' 
(captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] redirected to authentication page on 
default portal 
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jan 15 09:18:06 httpd.webservices(2022) INFO: Memory configuration is not valid 
anymore for key config::Pf in local cached_hash (pfconfig::cached::is_valid)
Jan 15 09:18:10 httpd.portal(23189) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] URI 
'/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab' (URL: 
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab)
 match proxy passthrough configuration. (pf::web::dispatcher::handler)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:17 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [OS_Staff] No entries found (0) with filter 
(sAMAccountName=smith.f) from OU=Oundle,DC=oundleschool,DC=local on 
192.168.100.42:389 (pf::Authentication::Source::LDAPSource::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [OS_Pupils] Authentication successful for smith.f 
(pf::Authentication::Source::LDAPSource::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Authentication successful for smith.f in source OS_Pupils 
(AD) (pf::authentication::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Successfully authenticated 
smith.f/192.168.120.227/60:57:18:94:4d:a0 
(captiveportal::PacketFence::Controller::Authenticate::authenticationLogin)
Jan 15 09:18:17 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Calling match with empty/invalid rule class. Defaulting to 
'authentication' (pf::authentication::match)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [OS_Pupils Pupils_Default] Found a match (CN=Fred 
Smith,OU=2020OU,OU=Pupils,OU=OS,DC=oundleschool,DC=local) 
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Matched rule (Pupils_Default) in source OS_Pup

Re: [PacketFence-users] PacketFence setup with Aerohive

[Morgan, Darren]

tches.conf for 
the switch 192.168.214.9 (pf::Switch::getVlanByName)
Jan 15 08:25:58 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Resolved VLAN for node is not properly 
defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode)
Jan 15 08:25:58 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] PID: "smith.f", Status: reg Returned 
VLAN: 4, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 08:25:58 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required (current 
VLAN = 120 but should be in VLAN 4) (pf::enforcement::_should_we_reassign_vlan)
Jan 15 08:25:58 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] switch port is (192.168.214.9) ifIndex 
unknown connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
Jan 15 08:25:58 httpd.portal(23185) INFO: [ mac:[undef] ip:[undef] ] Memory 
configuration is not valid anymore for key interfaces::management_network in 
local cached_hash (pfconfig::cached::is_valid)
Jan 15 08:25:58 httpd.portal(23185) INFO: [ mac:[undef] ip:[undef] ] 
Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 15 08:25:58 httpd.portal(23185) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 08:25:58 httpd.portal(23185) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Memory configuration is not valid anymore for key 
interfaces::internal_nets in local cached_hash (pfconfig::cached::is_valid)
Jan 15 08:25:59 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] 
DesAssociating mac on switch (192.168.214.9) (pf::api::desAssociate)
Jan 15 08:25:59 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] 
deauthenticating (pf::Switch::radiusDisconnect)
Jan 15 08:25:59 httpd.webservices(2022) INFO: Memory configuration is not valid 
anymore for key interfaces::management_network in local cached_hash 
(pfconfig::cached::is_valid)
Jan 15 08:25:59 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz 
request: from switch_ip => (192.168.214.9), connection_type => 
Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:a8), mac => 
[60:57:18:94:4d:a0], port => 0, username => "605718944da0" 
(pf::radius::authorize)
Jan 15 08:25:59 httpd.aaa(1986) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 08:25:59 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Connection type is 
WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 15 08:25:59 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Username was defined 
"605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 15 08:25:59 httpd.aaa(1986) WARN: No parameter OS_PupilsVlan found in 
conf/switches.conf for the switch 192.168.214.9 (pf::Switch::getVlanByName)
Jan 15 08:25:59 httpd.aaa(1986) WARN: [60:57:18:94:4d:a0] Resolved VLAN for 
node is not properly defined: Replacing with macDetectionVlan 
(pf::vlan::fetchVlanForNode)
Jan 15 08:25:59 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] PID: "smith.f", 
Status: reg Returned VLAN: 4, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 08:25:59 httpd.aaa(1986) WARN: (192.168.214.9) No parameter 
OS_PupilsRole found in conf/switches.conf (pf::Switch::getRoleByName)
Jan 15 08:25:59 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with 
VLAN: 4 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 08:26:06 httpd.webservices(2022) INFO: oldip (192.168.212.166) and newip 
(192.168.224.120) are different for 00:cd:fe:d2:46:ee - closing iplog entry 
(pf::api::update_iplog)
Jan 15 08:26:16 httpd.webservices(2022) INFO: Memory configuration is not valid 
anymore for key config::Pf in local cached_hash (pfconfig::cached::is_valid)
Jan 15 08:26:17 httpd.webservices(2022) INFO: oldmac (f0:db:f8:7c:56:2e) and 
newmac (04:4b:ed:2e:d0:94) are different for 192.168.214.47 - closing iplog 
entry (pf::api::update_iplog)
Jan 15 08:26:20 httpd.webservices(2022) INFO: oldip (192.168.214.108) and newip 
(192.168.212.100) are different for 18:3a:2d:8e:24:fe - closing iplog entry 
(pf::api::update_iplog)

Regards

Darren

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 15 January 2016 01:08
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PacketFence setup with Aerohive

Hello Morgan,

what is missing is probably the deauth, can you paste the packetfence.log when 
you login ?

Regards
Fabrice

Le 2016-01-14 12:06, Morgan, Darren a écrit :
Hi,
I'm trying to set up our PacketFence system with our Wi-Fi.  I have managed to 
find some information online 
(https://community.aerohive.com/aerohive/topics/aerohive-integration-with-packetfence
 )
I can get Wi-Fi laptops to connect to the open SSID and they can reach the 
PacketFence Authentication portal on the registrati

Re: [PacketFence-users] PacketFence setup with Aerohive

[Morgan, Darren]

ip:192.168.120.227 ] [60:57:18:94:4d:a0] is currentlog connected at 
(192.168.214.9) ifIndex 0 in VLAN 120 
(pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Connection type is WIRELESS_MAC_AUTH. 
Getting role from node_info (pf::vlan::getNormalVlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Username was defined "605718944da0" - 
returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] PID: "smith.f", Status: reg Returned 
VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required (current 
VLAN = 120 but should be in VLAN 214) 
(pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] [60:57:18:94:4d:a0] switch port is (192.168.214.9) ifIndex 
unknown connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
Jan 15 09:18:18 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0 
ip:192.168.120.227 ] Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] 
DesAssociating mac on switch (192.168.214.9) (pf::api::desAssociate)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] 
deauthenticating (pf::Switch::radiusDisconnect)
Jan 15 09:18:19 httpd.webservices(2022) INFO: Memory configuration is not valid 
anymore for key interfaces::management_network in local cached_hash 
(pfconfig::cached::is_valid)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz 
request: from switch_ip => (192.168.214.9), connection_type => 
Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:94), mac => 
[60:57:18:94:4d:a0], port => 0, username => "605718944da0" 
(pf::radius::authorize)
Jan 15 09:18:19 httpd.aaa(1986) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Connection type is 
WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Username was defined 
"605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] PID: "smith.f", 
Status: reg Returned VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9) 
Returning ACCEPT with Role: OS_Pupils 
(pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with 
VLAN: 214 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
[root@localhost ~]#

Darren

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 15 January 2016 01:08
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PacketFence setup with Aerohive

Hello Morgan,

what is missing is probably the deauth, can you paste the packetfence.log when 
you login ?

Regards
Fabrice

Le 2016-01-14 12:06, Morgan, Darren a écrit :
Hi,
I'm trying to set up our PacketFence system with our Wi-Fi.  I have managed to 
find some information online 
(https://community.aerohive.com/aerohive/topics/aerohive-integration-with-packetfence
 )
I can get Wi-Fi laptops to connect to the open SSID and they can reach the 
PacketFence Authentication portal on the registration VLAN, but once 
authenticated it does not seem to move the device to the Authenticated VLAN.  
Does anyone have any experience with connecting PF to Aerohive through the 
online hivemanager?  Has anyone got any tips for fault-finding this sort of 
issue?
Kind regards
Darren Morgan
Systems Manager
Oundle School




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk<http://www.oundleschool.org.uk>





Scanned by iCritical.






--

Site24x7 APM Insight: Get Deep Visibility into Application Performance

APM + Mobile APM + RUM: Monitor 3 App instances at ju

[PacketFence-users] PacketFence setup with Aerohive

[Morgan, Darren]

Hi,
I'm trying to set up our PacketFence system with our Wi-Fi.  I have managed to 
find some information online 
(https://community.aerohive.com/aerohive/topics/aerohive-integration-with-packetfence
 )
I can get Wi-Fi laptops to connect to the open SSID and they can reach the 
PacketFence Authentication portal on the registration VLAN, but once 
authenticated it does not seem to move the device to the Authenticated VLAN.  
Does anyone have any experience with connecting PF to Aerohive through the 
online hivemanager?  Has anyone got any tips for fault-finding this sort of 
issue?
Kind regards
Darren Morgan
Systems Manager
Oundle School


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Customising Web Portals

[Morgan, Darren]

Hi,

Can someone point me in the direction of where to amend the help information in 
the footer of the login page.  I have found the following within the 
footer.html and it obviously points to some function / file but I fail to see 
where I can alter this;

[%# Footer %]


  [% UNLESS dont_show_help -%]
  
  [% i18n("help: provide info") %]
  
[% i18n("IP") %]: [% client_ip %]
[% i18n("MAC") %]: [% client_mac %]
  
  [%- END %]

  
  


Regards


Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
? Please consider the environment before printing this e-mail


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Louis,

Yep – That’s set to Default.  Relevant section of Violations.conf below;

[1600030]
priority=1
trigger=device::257
actions=autoreg,log
desc=Auto-register Device example
enabled=Y
vlan=default
grace=5m

Off home for weekend now, so no rush.

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 23 October 2015 16:22
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering



On Oct 23, 2015, at 10:43 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

I have one final hurdle that I think I’ve sorted but getting some odd results.  
We have some WYSE Thin Client units that I want to auto register and add to the 
default role.  I’ve set up a violation to do this and the device does indeed 
register, but fails to be assigned the role.  Any ideas?  Output from 
packetfence.log and switches.conf below;

Did you set a VLAN in the violation configuration?
Check the advanced tab in the violation editor for that violation.
It says “VLAN” but you should be able to set a role.

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Thanks Louis,

This is exactly what I needed.  Domained PC’s are now auto-registering, other 
PC’s and laptops are going to the portal page.  Just VOIP phones, WYSE units 
and a couple of printers to go!

Many thanks for all your assistance.  If you don’t mind, when we have completed 
the project I’ll create a step-by-step guide and forward it over.  It may help 
some other users.

Thanks again.

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 22 October 2015 16:36
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

Two things are required for that:

1. That the switch be configured to use 802.1x (i.e. dot1x) for authentication 
on the port.

Read the docs for your switch on how to do that.

2. That the 802.1x supplicant service be running on the connecting device.

See, e.g.   
http://windows.microsoft.com/en-ca/windows/enable-802-1x-authentication#1TC=windows-7

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

On Oct 22, 2015, at 10:39 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:


Looks like it’s not connecting with ETHERNET-EAP, but MAC-AUTH.  Any ideas on 
how I can change this?  Switch.conf and switch config below;


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Louis,

Having played around with Radius I can now get the PacketFence to detect the AD 
machines, but it places them in the registration Vlan instead of 
auto-registering them.  Do you have any clues for me to look into please.

Also I saw the note below about port-security traps being deprecated below, but 
how can the switch notify the PF server that something is happening without 
some form of trapping?  I can only get the RADIUS conversations to flow with 
those traps on (unless again, it’s something to do with ProCurves)

Regards

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 20 October 2015 14:54
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

And by the way…

Don’t use port-security traps for authentication.
It is a deprecated mode and support for it will be removed next year in 
PacketFence 6.

It’s insecure to begin with and scales badly.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Oct 20, 2015, at 9:49 , Louis Munro 
> wrote:

Hi Darren,

How are your switches configured?
What I am seeing in your logs are port-security traps rather than radius 
authentications.

The custom code in vlan/custom.pm allows to autoregister RADIUS EAP 
authenticated devices, not port-security traps.



This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Louis,

Just an update – When I ran those commands radius did not start (as you could 
see from the output in the previous email), although I can start it from  the 
web gui.

Darren

From: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Sent: 22 October 2015 15:16
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

Hi Louis,

I’ve run the commands – These are the results;

[root@localhost ~]# /usr/local/pf/bin/pfcmd service snmptrapd stop
service|command
snmptrapd|stop
[root@localhost ~]# pkill radiusd; radiusd -d /usr/local/pf/ -X
radiusd: FreeRADIUS Version 2.2.8, for host x86_64-redhat-linux-gnu, built on 
Aug 14 2015 at 16:56:35
Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /usr/local/pf//radiusd.conf
Unable to open file "/usr/local/pf//radiusd.conf": No such file or directory
Errors reading or parsing /usr/local/pf//radiusd.conf
[root@localhost ~]#

Last few lines from packetfence.log;

Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: verifying process 20246 
(pf::services::manager::removeStalePid)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: Sending TERM signal to snmptrapd with pid 
20246 (pf::services::manager::stopService)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: verifying process 20246 
(pf::services::manager::removeStalePid)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: removing stale pid file 
/usr/local/pf/var/run/snmptrapd.pid (pf::services::manager::removeStalePid)
Oct 22 14:10:37 pfsetvlan(0) WARN: ignoring non trap line 2015-10-22 14:10:34 
NET-SNMP version 5.5 Stopped. (main::)
Oct 22 14:10:37 pfsetvlan(0) WARN: ignoring non trap line Stopping snmptrapd 
(main::)
Oct 22 14:10:37 pfsetvlan(0) WARN: ignoring non trap line  (main::)

Let me know if you need further info.

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 22 October 2015 14:55
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Domained machines not auto-registering


Hi Darren,


On Oct 22, 2015, at 6:06 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

Having played around with Radius I can now get the PacketFence to detect the AD 
machines, but it places them in the registration Vlan instead of 
auto-registering them.  Do you have any clues for me to look into please.

First, stop snmptrapd on your PacketFence server (disable it for good actually…)
# /usr/local/pf/bin/pfcmd service snmptrapd stop

Then run radiusd in debug mode and look at the output.

# pkill radiusd; radiusd -d /usr/local/pf/ -X

Is anything coming in?
What is the output showing?


Also I saw the note below about port-security traps being deprecated below, but 
how can the switch notify the PF server that something is happening without 
some form of trapping?


Using RADIUS.
RADIUS is an authentication protocol. A correctly configured switch will send a 
RADIUS request for authentication to the RADIUS server anytime someone connects 
to a port.


I can only get the RADIUS conversations to flow with those traps on (unless 
again, it’s something to do with ProCurves)

The two are completely unrelated, and procurves are no different in that 
respect from any other switches.

Read the Procurve documentation. They actually have pretty decent doc about 
configuring 802.1x and RADIUS.
I suspect your problems come from not understanding what RADIUS is and how it 
works.

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)



This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle S

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Louis,

I’ve run the commands – These are the results;

[root@localhost ~]# /usr/local/pf/bin/pfcmd service snmptrapd stop
service|command
snmptrapd|stop
[root@localhost ~]# pkill radiusd; radiusd -d /usr/local/pf/ -X
radiusd: FreeRADIUS Version 2.2.8, for host x86_64-redhat-linux-gnu, built on 
Aug 14 2015 at 16:56:35
Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /usr/local/pf//radiusd.conf
Unable to open file "/usr/local/pf//radiusd.conf": No such file or directory
Errors reading or parsing /usr/local/pf//radiusd.conf
[root@localhost ~]#

Last few lines from packetfence.log;

Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: verifying process 20246 
(pf::services::manager::removeStalePid)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: Sending TERM signal to snmptrapd with pid 
20246 (pf::services::manager::stopService)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: verifying process 20246 
(pf::services::manager::removeStalePid)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: pidof -x snmptrapd returned 20246 
(pf::services::manager::pidFromFile)
Oct 22 14:10:34 pfcmd.pl(31327) INFO: removing stale pid file 
/usr/local/pf/var/run/snmptrapd.pid (pf::services::manager::removeStalePid)
Oct 22 14:10:37 pfsetvlan(0) WARN: ignoring non trap line 2015-10-22 14:10:34 
NET-SNMP version 5.5 Stopped. (main::)
Oct 22 14:10:37 pfsetvlan(0) WARN: ignoring non trap line Stopping snmptrapd 
(main::)
Oct 22 14:10:37 pfsetvlan(0) WARN: ignoring non trap line  (main::)

Let me know if you need further info.

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 22 October 2015 14:55
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering


Hi Darren,


On Oct 22, 2015, at 6:06 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

Having played around with Radius I can now get the PacketFence to detect the AD 
machines, but it places them in the registration Vlan instead of 
auto-registering them.  Do you have any clues for me to look into please.

First, stop snmptrapd on your PacketFence server (disable it for good actually…)
# /usr/local/pf/bin/pfcmd service snmptrapd stop

Then run radiusd in debug mode and look at the output.

# pkill radiusd; radiusd -d /usr/local/pf/ -X

Is anything coming in?
What is the output showing?



Also I saw the note below about port-security traps being deprecated below, but 
how can the switch notify the PF server that something is happening without 
some form of trapping?


Using RADIUS.
RADIUS is an authentication protocol. A correctly configured switch will send a 
RADIUS request for authentication to the RADIUS server anytime someone connects 
to a port.



I can only get the RADIUS conversations to flow with those traps on (unless 
again, it’s something to do with ProCurves)

The two are completely unrelated, and procurves are no different in that 
respect from any other switches.

Read the Procurve documentation. They actually have pretty decent doc about 
configuring 802.1x and RADIUS.
I suspect your problems come from not understanding what RADIUS is and how it 
works.

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Thanks Louis. Away from office at minute but will check that tomorrow.  Regards 
Darren.

From: Louis Munro [lmu...@inverse.ca]
Sent: 22 October 2015 16:36
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

Two things are required for that:

1. That the switch be configured to use 802.1x (i.e. dot1x) for authentication 
on the port.

Read the docs for your switch on how to do that.

2. That the 802.1x supplicant service be running on the connecting device.

See, e.g. 
http://windows.microsoft.com/en-ca/windows/enable-802-1x-authentication#1TC=windows-7

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

On Oct 22, 2015, at 10:39 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:


Looks like it’s not connecting with ETHERNET-EAP, but MAC-AUTH.  Any ideas on 
how I can change this?  Switch.conf and switch config below;


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Louis,

Many thanks for your reply.  I think the key problem is probably the fact that 
I’m not using RADIUS EAP then, as our switches are either too old or don’t play 
well with it.  Switches.conf below;

[192.168.105.9]
SNMPUserNameTrap=manager
SNMPUserNameWrite=manager
AccessListMap=N
description=IT test lab
SNMPVersionTrap=2c
SNMPUserNameRead=manager
VoIPEnabled=N
uplink_dynamic=0
SNMPPrivPasswordRead=**
SNMPAuthPasswordWrite=**
SNMPAuthPasswordRead=**
SNMPPrivPasswordTrap=**
deauthMethod=Telnet
type=HP::Procurve_2600
SNMPVersion=2c
SNMPPrivPasswordWrite=**
uplink=26
SNMPAuthPasswordTrap=**
cliPwd=**
wsPwd=**
cliUser=manager
cliEnablePwd=**
wsUser=manager
mode=production
registrationVlan=120
isolationVlan=130
defaultVlan=105
defaultRole=default
RoleMap=N
SNMPCommunityTrap=private
BroadbandVlan=95
IT_StaffVlan=95
OS_PupilsVlan=105
RESMachinesVlan=105

Regards

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 20 October 2015 14:49
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

Hi Darren,

How are your switches configured?
What I am seeing in your logs are port-security traps rather than radius 
authentications.

The custom code in vlan/custom.pm allows to autoregister RADIUS EAP 
authenticated devices, not port-security traps.

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

On Oct 20, 2015, at 9:42 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

Hi,

Just a further update – I have been struggling with this for nearly a week now 
and still no further on.  We are using PacketFence in VLAN enforcement mode.  
PC’s are just being moved to the registration VLAN and do not seem to be 
auto-registered.  We are using HP Procurve switches (2626) so only using 
port-security and not dot1X.  I have uncommented the “custom.pm” that should 
activate the auto-registration as far as I know.

Regards

Darren Morgan

From: Morgan, Darren
Sent: 16 October 2015 15:35
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Domained machines not auto-registering

Hi Fabrice and List,

I’ve now successfully set up PF ZEN (5.4.0) with HP2626 switch so that end user 
devices can connect, prompt for AD credentials and authenticate successfully.  
The vlan switches dependant on OU and all is good.  Unfortunately I cannot get 
Domained machines to auto-register.  They stay stuck in the registration vlan.  
Any pointers as to where I’m going wrong?  Logs and Conf’s below;

PACKETFENCE.LOG

Oct 16 14:16:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:04 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:19 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:40 pfsetvlan(8) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(7) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(6) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:41 pfsetvlan(5) INFO: secureMacAddrViolation trap received on 
192.168.105.9 ifIndex 10 for d4:ae:52:c1:ca:8f (main::handleTrap)
Oct 16 14:17:41 pfsetvlan(5) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 192.168.105.9 
(main::do_port_security)
Oct 16 14:17:41 pfsetvlan(2) INFO: nb of items in queue: 1; nb of threads 
running: 1 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: de-authorizing d4:ae:52:c1:ca:8f (new entry 
02:00:00:00:00:09) at old location 192.168.105.9 ifIndex 9 
(main::do_port_security)
Oct 16 14:17:41 pfsetvlan(5) INFO: [d4:ae:52:c1:ca:8f] is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 16 14:17:41 pfsetvlan(5) INFO: authorizing d4:ae:52:c1:ca:8f at new 
location 192.168.105.9 ifIndex 10 (main::handleTrap)
Oct 16 14:17:41 pfsetvlan(5) INFO: setting VLAN at 192.168.105.9 ifIndex 10 
from 1 to 120 (pf::Switch::setVlan)
Oct 

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Looks like I’ll have to sort out RADIUS then.   More homework!

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 20 October 2015 14:54
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

And by the way…

Don’t use port-security traps for authentication.
It is a deprecated mode and support for it will be removed next year in 
PacketFence 6.

It’s insecure to begin with and scales badly.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Oct 20, 2015, at 9:49 , Louis Munro 
> wrote:

Hi Darren,

How are your switches configured?
What I am seeing in your logs are port-security traps rather than radius 
authentications.

The custom code in vlan/custom.pm allows to autoregister RADIUS EAP 
authenticated devices, not port-security traps.



This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Louis,

I’ve tried with the latest firmware on our HP2626 (10.115)  I suspect the 
switch I’m using is just too old.  When setting the switch up I am unable to 
add server-groups in (Not an option on the switch)  Think this is why I’m 
having trouble.  I will have to ask for some newer switches to work on.

Apologies as it looks like all HP 2600’s are not the same!

Regards

Darren

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: 20 October 2015 15:10
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Domained machines not auto-registering

Hi Darren,
Procurves 2600 do support RADIUS MAC authentication and dot1x (at least with a 
somewhat recent firmware).

What problems are you encountering with RADIUS exactly?

Regards,
--
Louis Munro
lmu...@inverse.ca<mailto:lmu...@inverse.ca>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

On Oct 20, 2015, at 10:05 , Morgan, Darren 
<dmor...@oundleschool.org.uk<mailto:dmor...@oundleschool.org.uk>> wrote:

Hi Louis,

Many thanks for your reply.  I think the key problem is probably the fact that 
I’m not using RADIUS EAP then, as our switches are either too old or don’t play 
well with it.  Switches.conf below;

[192.168.105.9]
SNMPUserNameTrap=manager
SNMPUserNameWrite=manager
AccessListMap=N
description=IT test lab
SNMPVersionTrap=2c
SNMPUserNameRead=manager
VoIPEnabled=N
uplink_dynamic=0
SNMPPrivPasswordRead=**
SNMPAuthPasswordWrite=**
SNMPAuthPasswordRead=**
SNMPPrivPasswordTrap=**
deauthMethod=Telnet
type=HP::Procurve_2600
SNMPVersion=2c
SNMPPrivPasswordWrite=**
uplink=26
SNMPAuthPasswordTrap=**
cliPwd=**
wsPwd=**
cliUser=manager
cliEnablePwd=**
wsUser=manager
mode=production
registrationVlan=120
isolationVlan=130
defaultVlan=105
defaultRole=default
RoleMap=N
SNMPCommunityTrap=private
BroadbandVlan=95
IT_StaffVlan=95
OS_PupilsVlan=105
RESMachinesVlan=105

Regards

Darren


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi,

Just a further update - I have been struggling with this for nearly a week now 
and still no further on.  We are using PacketFence in VLAN enforcement mode.  
PC's are just being moved to the registration VLAN and do not seem to be 
auto-registered.  We are using HP Procurve switches (2626) so only using 
port-security and not dot1X.  I have uncommented the "custom.pm" that should 
activate the auto-registration as far as I know.

Regards

Darren Morgan

From: Morgan, Darren
Sent: 16 October 2015 15:35
To: packetfence-users@lists.sourceforge.net
Subject: Domained machines not auto-registering

Hi Fabrice and List,

I've now successfully set up PF ZEN (5.4.0) with HP2626 switch so that end user 
devices can connect, prompt for AD credentials and authenticate successfully.  
The vlan switches dependant on OU and all is good.  Unfortunately I cannot get 
Domained machines to auto-register.  They stay stuck in the registration vlan.  
Any pointers as to where I'm going wrong?  Logs and Conf's below;

PACKETFENCE.LOG

Oct 16 14:16:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:04 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:19 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:40 pfsetvlan(8) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(7) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(6) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:41 pfsetvlan(5) INFO: secureMacAddrViolation trap received on 
192.168.105.9 ifIndex 10 for d4:ae:52:c1:ca:8f (main::handleTrap)
Oct 16 14:17:41 pfsetvlan(5) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 192.168.105.9 
(main::do_port_security)
Oct 16 14:17:41 pfsetvlan(2) INFO: nb of items in queue: 1; nb of threads 
running: 1 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: de-authorizing d4:ae:52:c1:ca:8f (new entry 
02:00:00:00:00:09) at old location 192.168.105.9 ifIndex 9 
(main::do_port_security)
Oct 16 14:17:41 pfsetvlan(5) INFO: [d4:ae:52:c1:ca:8f] is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 16 14:17:41 pfsetvlan(5) INFO: authorizing d4:ae:52:c1:ca:8f at new 
location 192.168.105.9 ifIndex 10 (main::handleTrap)
Oct 16 14:17:41 pfsetvlan(5) INFO: setting VLAN at 192.168.105.9 ifIndex 10 
from 1 to 120 (pf::Switch::setVlan)
Oct 16 14:17:41 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
Oct 16 14:17:41 pfsetvlan(1) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:42 pfsetvlan(1) INFO: secureMacAddrViolation trap received on 
192.168.105.9 ifIndex 10 for d4:ae:52:c1:ca:8f (main::handleTrap)
Oct 16 14:17:42 pfsetvlan(1) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 192.168.105.9 
(main::do_port_security)
Oct 16 14:17:42 pfsetvlan(1) INFO: MAC d4:ae:52:c1:ca:8f is already authorized 
on 192.168.105.9 ifIndex 10. Stopping secureMacAddrViolation trap handling here 
(main::handleTrap)
Oct 16 14:17:42 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Oct 16 14:17:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)

AUTHENTICATION.CONF

[local]
description=Local Users
type=SQL

[file1]
description=Legacy Source
stripped_user_name=yes
path=/usr/local/pf/conf/admin.conf
type=Htpasswd

[file1 rule admins]
description=All admins
class=authentication
match=all
action0=set_access_level=ALL

[sms]
description=SMS-based registration
sms_carriers=100056,100057,100061,100058,100059,100060,100062,100063,100071,100064,100116,100066,100117,100112,100067,100065,100068,100069,100070,100118,100115,100072,100073,100074,100075,100076,100077,100085,100086,100080,100079,100081,100083,100082,100084,100087,100088,100111,100089,100090,100091,100092,100093,100094,100095,100096,100098,100097,100099,100100,100101,100113,100102,100103,100104,100106,100105,100107,100108,100109,100114,100110,10007

Re: [PacketFence-users] AD users not authenticating through portal

[Morgan, Darren]

Hi Fabrice,

Many thanks for the reply.  I checked the packetfence.log (using " tail 
packetfecnce.log -n 50 " for noobs like me)   and found that it was only 
checking the AD for one of the sources.  Just added the other sources and all 
was OK.

Many thanks again.

Regards

Darren

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 15 October 2015 23:24
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] AD users not authenticating through portal

Hello Morgan,

first check in packetfence.log when you hit the captive portal : Instantiate 
profile ...

Then paste your profiles.conf and authentication.conf (remove sensible 
information)

Regards
Fabrice

Le 2015-10-14 12:06, Morgan, Darren a écrit :
Hi,

Probably a bit of a 'noob' question but I'm trying to find out why my AD users 
are not authenticating through the web portal.  I have a domain / realm sorted, 
and sources are configured and test works on them, but when I input a username 
and password it comes up with "Invalid login or password"

If I log in with the PacketFence admin password I get " Sorry   You do not have 
the permission to register a device with this username"

Can someone point me in the right direction to diagnose this issue.  i.e. which 
logs can I look in (and where will they be?)

Using latest version (5.4.o) and all services running.

Regards

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
ü Please consider the environment before printing this e-mail




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk<http://www.oundleschool.org.uk>





Scanned by iCritical.






--




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Domained machines not auto-registering

[Morgan, Darren]

Hi Fabrice and List,

I've now successfully set up PF ZEN (5.4.0) with HP2626 switch so that end user 
devices can connect, prompt for AD credentials and authenticate successfully.  
The vlan switches dependant on OU and all is good.  Unfortunately I cannot get 
Domained machines to auto-register.  They stay stuck in the registration vlan.  
Any pointers as to where I'm going wrong?  Logs and Conf's below;

PACKETFENCE.LOG

Oct 16 14:16:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:04 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:19 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:40 pfsetvlan(8) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(7) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(6) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:40 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:41 pfsetvlan(5) INFO: secureMacAddrViolation trap received on 
192.168.105.9 ifIndex 10 for d4:ae:52:c1:ca:8f (main::handleTrap)
Oct 16 14:17:41 pfsetvlan(5) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 192.168.105.9 
(main::do_port_security)
Oct 16 14:17:41 pfsetvlan(2) INFO: nb of items in queue: 1; nb of threads 
running: 1 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: de-authorizing d4:ae:52:c1:ca:8f (new entry 
02:00:00:00:00:09) at old location 192.168.105.9 ifIndex 9 
(main::do_port_security)
Oct 16 14:17:41 pfsetvlan(5) INFO: [d4:ae:52:c1:ca:8f] is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 16 14:17:41 pfsetvlan(5) INFO: authorizing d4:ae:52:c1:ca:8f at new 
location 192.168.105.9 ifIndex 10 (main::handleTrap)
Oct 16 14:17:41 pfsetvlan(5) INFO: setting VLAN at 192.168.105.9 ifIndex 10 
from 1 to 120 (pf::Switch::setVlan)
Oct 16 14:17:41 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 16 14:17:41 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
Oct 16 14:17:41 pfsetvlan(1) INFO: Memory configuration is not valid anymore 
for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Oct 16 14:17:42 pfsetvlan(1) INFO: secureMacAddrViolation trap received on 
192.168.105.9 ifIndex 10 for d4:ae:52:c1:ca:8f (main::handleTrap)
Oct 16 14:17:42 pfsetvlan(1) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 192.168.105.9 
(main::do_port_security)
Oct 16 14:17:42 pfsetvlan(1) INFO: MAC d4:ae:52:c1:ca:8f is already authorized 
on 192.168.105.9 ifIndex 10. Stopping secureMacAddrViolation trap handling here 
(main::handleTrap)
Oct 16 14:17:42 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Oct 16 14:17:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)
Oct 16 14:17:49 httpd.webservices(20187) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::instantiate)

AUTHENTICATION.CONF

[local]
description=Local Users
type=SQL

[file1]
description=Legacy Source
stripped_user_name=yes
path=/usr/local/pf/conf/admin.conf
type=Htpasswd

[file1 rule admins]
description=All admins
class=authentication
match=all
action0=set_access_level=ALL

[sms]
description=SMS-based registration
sms_carriers=100056,100057,100061,100058,100059,100060,100062,100063,100071,100064,100116,100066,100117,100112,100067,100065,100068,100069,100070,100118,100115,100072,100073,100074,100075,100076,100077,100085,100086,100080,100079,100081,100083,100082,100084,100087,100088,100111,100089,100090,100091,100092,100093,100094,100095,100096,100098,100097,100099,100100,100101,100113,100102,100103,100104,100106,100105,100107,100108,100109,100114,100110,100078
type=SMS
create_local_account=no

[sms rule catchall]
description=
class=authentication
match=all
action0=set_role=guest
action1=set_access_duration=1D

[email]
description=Email-based registration
email_activation_timeout=10m
type=Email
create_local_account=no
allow_localdomain=yes

[email rule catchall]
description=
class=authentication
match=all
action0=set_role=guest
action1=set_access_duration=1D

[sponsor]
description=Sponsor-based registration
type=SponsorEmail
create_local_account=no
allow_localdomain=yes

[sponsor rule catchall]
description=
class=authentication
match=all
action0=set_role=guest

[PacketFence-users] Integration with iBoss SSO

[Morgan, Darren]

Hi,
Does anyone have any experience with integrating PF with iBoss.  Have basic PF 
set up and working well with our network and authenticating though AD now and 
would like all devices to authenticate through the iBoss filter.

Not really sure where to start on the iBoss side?

Regards

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
? Please consider the environment before printing this e-mail


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] AD users not authenticating through portal

[Morgan, Darren]

Hi,

Probably a bit of a 'noob' question but I'm trying to find out why my AD users 
are not authenticating through the web portal.  I have a domain / realm sorted, 
and sources are configured and test works on them, but when I input a username 
and password it comes up with "Invalid login or password"

If I log in with the PacketFence admin password I get " Sorry   You do not have 
the permission to register a device with this username"

Can someone point me in the right direction to diagnose this issue.  i.e. which 
logs can I look in (and where will they be?)

Using latest version (5.4.o) and all services running.

Regards

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
? Please consider the environment before printing this e-mail


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcpd service not starting

[Morgan, Darren]

Thanks Fabrice,

Worked perfectly.

Regards

Darren

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 12 October 2015 19:19
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] dhcpd service not starting

Hello Darren,

it looks that you define manually the isolation and registration network in 
dhcpd.conf (in /usr/local/pf/conf/).
The dhcp configuration is managed by pf and it generate a file in 
var/conf/dhcpd.conf, so remove the 2 scopes you defined manually and do a:
bin/pfcmd configreload hard
bin/pfcmd service dhcpd restart

Regards
Fabrice


Le 2015-10-12 12:03, Morgan, Darren a écrit :
Hi,

We are trialing PF but cannot get the dhcpd service to run.  It shows the 
following errors on startup (dhcpd.conf and networks.conf copied in after 
errors);

nternet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/usr/local/pf/var/conf/dhcpd.conf line 48: range declaration not allowed here.
  range
   ^
/usr/local/pf/var/conf/dhcpd.conf line 50: expecting a declaration
  max-lease-time 30;
^
/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.10 is declared 
twice!
  range 192.168.120.10 192.168.120.246;
   ^
/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.11 is declared 
twice!
  range 192.168.120.10 192.168.120.246;
   ^
##  lots of lines cut out ##

/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.246 is declared 
twice!
  range 192.168.120.10 192.168.120.246;

Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org<ftp://ftp.isc.org>.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the CentOS Bugs Database:
http://bugs.centos.org/

exiting.
dhcpd|not started 0m

###
dhcpd.conf
###
# dhcpd configuration
# This file is manipulated on PacketFence's startup before being given to dhcpd
authoritative;
ddns-update-style none;
ignore client-updates;
#// Registration network definition
subnet 192.168.120.0 netmask 255.255.255.0 {
   option routers 192.168.100.42;
   option subnet-mask 255.255.255.0;
   option domain-name "oundleschool.local";
   option domain-name-servers 192.168.100.42;
   range 192.168.120.10 192.168.120.249;
   default-lease-time 300;
   max-lease-time 300;
}

#// Isolation network definition
subnet 192.168.130.0 netmask 255.255.255.0 {
   option routers 192.168.100.43;
   option subnet-mask 255.255.255.0;
   option domain-name "isolation.oundleschool.local";
   option domain-name-servers 192.168.100.43;
   range 192.168.130.10 192.168.130.249;
   default-lease-time 300;
   max-lease-time 300;
}
log-facility local6;

%%omapi%%

%%active%%

%%networks%%


##
networks.conf
##
[192.168.130.0]
dns=192.168.130.1
dhcp_start=192.168.130.10
gateway=192.168.130.1
domain-name=vlan-isolation.oundleschool.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.130.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30

[192.168.120.0]
dns=192.168.120.1
dhcp_start=192.168.120.10
gateway=192.168.120.1
domain-name=vlan-registration.oundleschool.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.120.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30

Any ideas?

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
ü Please consider the environment before printing this e-mail




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk<http://www.oundleschool.org.uk>





Scanned by iCritical.






--




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] dhcpd service not starting

[Morgan, Darren]

Hi,

We are trialing PF but cannot get the dhcpd service to run.  It shows the 
following errors on startup (dhcpd.conf and networks.conf copied in after 
errors);

nternet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/usr/local/pf/var/conf/dhcpd.conf line 48: range declaration not allowed here.
  range
   ^
/usr/local/pf/var/conf/dhcpd.conf line 50: expecting a declaration
  max-lease-time 30;
^
/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.10 is declared 
twice!
  range 192.168.120.10 192.168.120.246;
   ^
/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.11 is declared 
twice!
  range 192.168.120.10 192.168.120.246;
   ^
##  lots of lines cut out ##

/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.246 is declared 
twice!
  range 192.168.120.10 192.168.120.246;

Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the CentOS Bugs Database:
http://bugs.centos.org/

exiting.
dhcpd|not started 0m

###
dhcpd.conf
###
# dhcpd configuration
# This file is manipulated on PacketFence's startup before being given to dhcpd
authoritative;
ddns-update-style none;
ignore client-updates;
#// Registration network definition
subnet 192.168.120.0 netmask 255.255.255.0 {
   option routers 192.168.100.42;
   option subnet-mask 255.255.255.0;
   option domain-name "oundleschool.local";
   option domain-name-servers 192.168.100.42;
   range 192.168.120.10 192.168.120.249;
   default-lease-time 300;
   max-lease-time 300;
}

#// Isolation network definition
subnet 192.168.130.0 netmask 255.255.255.0 {
   option routers 192.168.100.43;
   option subnet-mask 255.255.255.0;
   option domain-name "isolation.oundleschool.local";
   option domain-name-servers 192.168.100.43;
   range 192.168.130.10 192.168.130.249;
   default-lease-time 300;
   max-lease-time 300;
}
log-facility local6;

%%omapi%%

%%active%%

%%networks%%


##
networks.conf
##
[192.168.130.0]
dns=192.168.130.1
dhcp_start=192.168.130.10
gateway=192.168.130.1
domain-name=vlan-isolation.oundleschool.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.130.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30

[192.168.120.0]
dns=192.168.120.1
dhcp_start=192.168.120.10
gateway=192.168.120.1
domain-name=vlan-registration.oundleschool.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.120.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30

Any ideas?

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
? Please consider the environment before printing this e-mail


This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  www.oundleschool.org.uk
 Scanned by iCritical.

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users