Re: [PacketFence-users] Fortinet VPN Support.

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

Did you declare your Fortinet device as a Network Device (FortiGate) in 
PacketFence with CLI option enabled ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence captive portal with external DHCP server

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

I recommend you to keep PacketFence as DNS and DHCP server in 
registration VLAN.


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Failing to authenticate

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

1. Do you join your PacketFence server to an AD domain ?

From my point of view, you should use an encapsulated method on 
supplicant side (EAP-PEAP in your case) in place of using EAP-MD5.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Upgrade PF 9.3 to 10.1 - recompile Netflow kernel module

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Chris,

Try to reinstall iptables-netflow-dkms package.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank is not starting

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

Did you configure a Fingerbank API key during inital setup ? If you 
don't remember, take a look at /usr/local/fingerbank/conf/fingerbank.conf.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Zen 10.1.0 on ESXi VM, No Initial Setup Wizard or configurator

[Nicolas Quiniou-Briand via PacketFence-users]

Hello dpsguard

On 20/08/2020 22:41, dpsguard-ca--- via PacketFence-users wrote:
I am new to the packetfence. I downloaded and installed the latest ZEN 
appliance and everything went well, but when I go to 
https://:1443 , I 
was expecting to run a setup wizard as per documentation.


I'm not able to replicate your issue.

I downloaded latest ZEN this morning, install it and when I go to 
https://:1443, I'm redirected to configurator.


If you are directly redirected to log in page, it could mean than 
someone has passed configurator for you.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Problem with Suricata

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

According to [1], you certainly need to adjust your regex defined in 
Syslog Parser section.


[1] 
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_suricata_ids


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unregister user upon linkdown

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

On 18/08/2020 15:02, Tomasz Karczewski via PacketFence-users wrote:

MAB should take care of radius accounting stop.


That's not the case at the moment as described in [1].

If you enable this setting in a MAB scenario with a captive portal 
registration, your network device will send a RADIUS accounting stop 
message when PacketFence will move device from registration VLAN to 
production VLAN. Consequently, your device will be 
registrered/unregistered endlessly.


[1] 
https://github.com/inverse-inc/packetfence/commit/bd29c1d9b30e27aa632688b08df4434b914cd3fc


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unable to find packetfence android agent on google´s play store

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

On 18/08/2020 23:28, Rokkhan via PacketFence-users wrote:
I am unable to find packetfence android agent on google´s play store. I 
have tried on different devices. Last week I did install it on a device.

¿has it been removed?


It should be available now: 
https://play.google.com/store/apps/details?id=org.packetfence.agent=fr


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] mab authentication

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 19/08/2020 13:14, Summons Wu via PacketFence-users wrote:
The mab authentication cannot be restricted, and the mab authorization 
cannot be passed or rejected based on the whitelist method. How to 
achieve this requirement?


I'm not able to understand what you mean, could you rephrase ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Node deletion prohibited

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 14/08/2020 11:50, Summons Wu via PacketFence-users wrote:

70:c9:4e:dd:25:e3 has an open locationlog entry. Node deletion prohibited
node/70%3Ac9%3A4e%3Add%3A25%3Ae3


If you want to delete nodes, you need to enable node_cleanup task in 
Configuration -> System configuration -> Maintenance and set delete_time 
to a value that fits your needs.


Node deletion will be possible through GUI in v10.2.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Debian 10 support?

[Nicolas Quiniou-Briand via PacketFence-users]

Hi David,

On 15/08/2020 21:20, David Harvey via PacketFence-users wrote:
Hey folks, couldn't find anything to easily track this with, just 
curious as to if there's an ETA on this?


Nothing has been decided right now but it should come within the v10 
lifecycle.


Feel free to create an issue on your bugtracker [1] for this specific topic.

[1] https://github.com/inverse-inc/packetfence/issues/new/choose
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unregister user upon linkdown

[Nicolas Quiniou-Briand via PacketFence-users]

Hi Aimen,


On 17/08/2020 18:37, Aimen Asfour via PacketFence-users wrote:

Hello,

I began testing packetfence recently using captive portal via 
Ethernet-NoEAP and RADIUS authentication and I was wondering if it’s 
possible to unregister a user as soon as they are physically 
disconnected from the network (shutdown switchport or unplug ethernet cable)


Sincerely,

*Aimen,*


It possible using unreg_on_accounting stop but you need:
- to use 802.1X (not Ethernet-NoEAP)
- to have a switch that send accounting stop message

Also, you can take a look at the Network logoff page that allow a user 
to disconnect himself.


To conclude, keep in mind that when a device is registered, PacketFence 
will automatically deregistrer the device (from its current network 
device) when unregistration date is reached.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Understanding error message after joining domain

[Nicolas Quiniou-Briand via PacketFence-users]

Hi Neal,

On 17/08/2020 19:16, 'van Rooij Neal' via PacketFence-users wrote:

Join output:
kerberos_kinit_password Administrator@NVAN failed: Cannot find KDC for 
requested realm

DNS update failed: NT_STATUS_INVALID_PARAMETER
Using short domain name -- NVAN
Joined 'LOCALHOST' to dns domain 'nvan.labo'


It looks like your join worked. You can ignore error message.

To be sure all is working, run following commands on your PF server:
#v+
chroot /chroots/DOMAIN
wbinfo -t
#v-
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Device registration module is notenabled

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Emanuele,

On 29/07/2020 16:55, Emanuele Gabrielli via PacketFence-users wrote:

How may I enable the device registration module?


You need to assign a self service portal policy on connection profile 
matched.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus - DPSK Support

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 02/08/2020 23:18, Colton Conor via PacketFence-users wrote:
Anyways, it seems the Packetfence does support Ruckus, but does 
packetfence support Ruckus DPSK technology? 
https://www.ruckuswireless.com/content/dynamic-pre-shared-key-dpsk


PacketFence doesn't support DPSK for Ruckus.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence v.10 Administration guide

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

Unfortunately, there is no more administration guide for PacketFence. 
Take a look in Installation and Cluster guides, there is some 
instructions related to administration.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Upgraded to 10.1.0 and Winbind stopped working.

[Nicolas Quiniou-Briand via PacketFence-users]

On 10/07/2020 20:30, Robert McNutt via PacketFence-users wrote:
Did an upgrade from 10.0.0 to 10.1.0 and now 802.1X auth doesn't work 
when using PEAP. The audit log shows error reading winbind reply. Any 
thoughts on what could cause this?


mschap: Program returned code (1) and output 'Reading winbind reply 
failed! (0xc001)'



You should be able to see something in packetfence.log.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Citrix support for authentication authorization and session recording

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 11/07/2020 15:51, Jitendra Gondaliya via PacketFence-users wrote:
We are exploring packetfence for our NAC deployment and one of our core 
requirement is integration of Citrix with NAC for authentication, 
authorization and session details recording. I was looking at the 
features list and documentation but I don’t see any details on Citrix.


Could you elaborate a bit more which Citrix integration do you want ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] UPN Authentication for 802.1x

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 15/07/2020 15:55, Nick Payne via PacketFence-users wrote:
Is it possible to have PacketFence authenticate by UPN instead of 
samAccountName?


Yes, you can specify other LDAP attributes to use for authentication on 
your authentication source using "Search Attributes" field.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cisco Catalyst 9800 Wireless Controller

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

On 20/07/2020 09:27, Enrico Becchetti via PacketFence-users wrote:

Does Packetfence work with these controllers ?


I would say: if these controllers support RADIUS, PacketFence can 
support them.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Warning after update to 10.1.0

[Nicolas Quiniou-Briand via PacketFence-users]

I opened following bug regarding your issue: 
https://github.com/inverse-inc/packetfence/issues/5671


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Warning after update to 10.1.0

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

Thanks for you report. I'm able to replicate this bug.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Clustering Guide Sanity Check

[Nicolas Quiniou-Briand via PacketFence-users]

If I was you, I will:
- break the `--force-new-cluster` command
- completely stop any MariaDB service
- restart at this step:

#v+
systemctl stop packetfence-mariadb
/usr/local/pf/bin/pfcmd generatemariadbconfig
/usr/local/pf/sbin/pf-mariadb --force-new-cluster
#v-
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Authentication Rules mismatch

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

It's simply because your first rule match and PacketFence stop at first 
match.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence, UniFi and Fortigate

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Jeff,

On 02/07/2020 20:31, Jeff Goodman via PacketFence-users wrote:

I have packetfence configured for SSO and configured it to send the auth to my 
fortigate which is receiving the information but the username that I am 
receiving is the MAC Address not the username.


1. Could you share your firewall_sso.conf file (without secrets) ? I 
would like to reproduce this issue.


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Give users the opportunity to enter their credentials

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Leonardo,

Could you describe why you want a wired user to be able to register 
using 802.1X and MAC auth at different moment ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Machine Authentication

[Nicolas Quiniou-Briand via PacketFence-users]

And don't forget to restart RADIUS services after your update your 
REALMS ;-)


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: 10.1.0 Connection profile doesnt match.

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Giacinto,

We just fixed this issue [1]. Website will be updated ASAP. Meanwhile, 
you can read updated instructions on your forge [2]



[1] https://github.com/inverse-inc/packetfence/issues/5621
[2] 
https://github.com/inverse-inc/packetfence/blob/devel/UPGRADE.asciidoc#upgrading-from-a-version-prior-to-10-1-0

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 10.1.0 Connection profile doesnt match.

[Nicolas Quiniou-Briand via PacketFence-users]

On 22/06/2020 13:44, Tomasz Karczewski wrote:

I forget to use update scripts in /usr/local/pf/addons/upgrade/to-10.1
Patches applied and started to work.


That's not your fault, see [1]

[1] https://github.com/inverse-inc/packetfence/issues/5621
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 10.1.0 Connection profile doesnt match.

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

On 22/06/2020 12:13, Tomasz Karczewski via PacketFence-users wrote:

Hi,

After update to 10.1.0 version my connection profiles doesnt match.

Only Default is matching.


Not able to reproduce on my side on a clean setup with a minimal 
configuration.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Print AUP

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 18/06/2020 17:12, Franklin, Adam via PacketFence-users wrote:

Is anyone able to check this out? The print off slip is blank for our User 
Managers. It's a shame to lose this functionality that we once had with version 
8


From what I see, it's more a bug than a loose of functionnality.

I tried to reproduce and it seems that User Managers need to have 
CONFIGURATION_MAIN_READ role. Certainly because they need to be able to 
read emails templates.


I will open an issue too.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Print AUP

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 14/05/2020 16:49, Franklin, Adam via PacketFence-users wrote:

In packetfence V10 is there a way to print the AUP when creating a new
user?


By default, only content of 
html/captive-portal/templates/emails/emails-guest_local_account_creation.mjml 
is displayed. But you can certainly add your AUP by modifying 
html/captive-portal/templates/emails/emails-guest_local_account_creation.html 
(HTML file, not MJML).


I will open an issue on your bug tracker because AUP was added 
automatically before PF v9.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Zero Effort NAC and VMware 7

[Nicolas Quiniou-Briand via PacketFence-users]

Hi Louis,

I reopened your issue [1]. Could you tell me if you got same error 
message than previously ?



[1] https://github.com/inverse-inc/packetfence/issues/5522
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Zero Effort NAC and VMware 7

[Nicolas Quiniou-Briand via PacketFence-users]

On 18/06/2020 15:19, Louis Scaringella wrote:

Do you know when it’ll be available on the website? I’ll send it over to my 
client to try ASAP.


It has been updated 20 minutes ago: 
https://packetfence.org/download.html#/zen

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Zero Effort NAC and VMware 7

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Louis,

On 17/06/2020 23:20, Louis Scaringella via PacketFence-users wrote:

I may install in ESXI 6.7 and then export OVA and import to VMware 7.


This issue has been fixed yesterday by removing PIIX4 from OVA [1].

Could you make a try with PacketFence-ZEN 10.1.0 ?

Thanks

[1] 
https://github.com/inverse-inc/packetfence/commit/6923dfa77805425dfc4765a9b2e4eb8c4db4d3ab

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Pcketfence 10 MS-Chap does not working

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 02/05/2020 01:06, evren korkmaz via PacketFence-users wrote:

If you remember, i wrote you about this issue.
Fabrice helped me about this issue for pf v9.3

Solution:

/cd /usr/local/pf/

/curl 
https://github.com/inverse-inc/packetfence/compare/feature/vpn_mschap.diff | 
patch -p1/


This solution does not work for packetfence 10.


Branch has been deleted and code has been merged into PF core (will be 
available in PF v10.1).


On a PF v10.0.1, you can try to apply patch like this:
#v+
cd /usr/local/pf
curl 
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5265.diff 
| git apply

#v-
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] BUG in WEB GUI - Connection Profiles

[Nicolas Quiniou-Briand via PacketFence-users]

Certainly related to https://github.com/inverse-inc/packetfence/issues/5458

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] API - /config/switch POST

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Talan,

 I have gone through the API documentation and I cannot see anywhere for a /config/switch as a POST request. Is there a reason behind this? Is this something that will be implemented in an upgrade? 


API call exists but is not documented. You can use your web browser 
console to see how GUI deal with this API call when creating a new switch.


As an example, you can take a look at how we create switch and switch 
group for our integration tests [1] using Venom.


- [1] 
https://github.com/inverse-inc/packetfence/blob/d89849e243c03ca09d649e61a204651978678222/t/venom/pfservers/global_config/15_create_network_devices.yml

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Reeavulate Access Log Warning

[Nicolas Quiniou-Briand via PacketFence-users]

On 22/05/2020 16:59, Chad Jemison wrote:

I get the following when using the Aruba templates

May 22 10:58:08 nac pfqueue: pfqueue(13316) WARN: 
[mac:64:16:7f:57:cb:b8] Unable to perform RADIUS Disconnect/CoA Request: 
Timeout waiting for a reply from 192.168.101.30 on port 3799 at 
/usr/local/pf/lib/pf/util/radius.pm line 185. 
(pf::Switch::Template::catch {...} )


May 22 10:58:08 nac pfqueue: pfqueue(13316) ERROR: 
[mac:64:16:7f:57:cb:b8] Wrong RADIUS secret or unreachable network 
device... (pf::Switch::Template::catch {...} )


Certainly because you need to configure RFC 3576 (RADIUS Disconnect) on 
your network device. If you use the Aruba switch template previously 
mentioned, you will also need to enable accouting on your network device.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] user creation form - specify mandatory fields (admin gui)

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 25/05/2020 10:47, Schaller, Amin via PacketFence-users wrote:

I'm not able to manually create a user object in the admin GUI
because of the mandatory fields. If a user registers himself via
captive portal, the only fields set will be "Username (PID)" (his tel
nr) and "Telephone number" (again his tel nr) and that’s OK.
When manually creating the user I have to fill in the fields "PID" (this is ok), "Password" (don't need this) and "Registration Window" (don't need this). 


OK I understand what you want to do but I don't knwo why.

What is the purpose behind creating a user like this ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] (no subject)

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 26/05/2020 05:06, Summons Wu via PacketFence-users wrote:

Hi:
May I ask how to configure authorization acl in PF, the configuration 
document does not introduce this part of the content, please also guide, 
thank you.


You can find an example here [1]

[1] 
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_downloadable_acls

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SAML Authentication with GoogleSuite return Error

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 24/05/2020 06:54, BornTo Die via PacketFence-users wrote:

Hi Nicolas,
     I found that the issue maybe related to the lasso operation with 
idp, not from my configuration https://dev.entrouvert.org/issues/29663 .


Already checked this post in the past, not sure it's related.

Could you make following test: 
https://sourceforge.net/p/packetfence/mailman/message/36922132/ ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SAML Authentication with GoogleSuite return Error

[Nicolas Quiniou-Briand via PacketFence-users]

According to your error message, it seems that PacketFence is not able 
to validate Identity Provider message [1].


I suggest you to double check your source and certificate configuration.

[1] 
https://github.com/inverse-inc/packetfence/blob/d0d44624fa88c6ce28733c344b01372a541e5a2b/lib/pf/Authentication/Source/SAMLSource.pm#L196-L198


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Reeavulate Access Log Warning

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Chad,

On 19/05/2020 17:02, Chad Jemison via PacketFence-users wrote:
From troubleshooting, I am able to 
get the proper VOICE VLAN assignment if I use the Packetfence::Standard 
switch template, but some other features are not functioning on the 
Aruba 2930 switches I have.


Which other features didn't work ?

Recently, I created the ArubaSwitchNG template which was tested on 2530 
using Aruba 0S 16.10. I didn't test the voice part but if it's working 
as expected with PacketFence::Standard, maybe you can try to add the 
voice part to the ArubaSwitchNG template and make a new test.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] user creation form - specify mandatory fields (admin gui)

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Amin,

I read you problem description but at the end I'm not able to understand 
what you really want to achieve with PacketFence.


Could you tell us in short what you want to do with PacketFence ?

Thanks.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Reeavulate Access Log Warning

[Nicolas Quiniou-Briand via PacketFence-users]

On 19/05/2020 13:50, Chad Jemison wrote:

1. What do you see in RADIUS Audit Log (RADIUS reply) when you
connect a VoIP device on your switch that use Procurve_2920.pm switch
template ? May 19 07:46:26 nac auth[136359]: [mac:64:16:7f:57:c6:f5]
Accepted user:  and returned VLAN May 19 07:46:26 nac auth[136359]:
(6046) Login OK: [64167f57c6f5] (from client 192.168.101.30/32 port 1
cli 64:16:7f:57:c6:f5)


Could you check:
- in packetfence.log
- in RADIUS audit log (on RADIUS reply tab)
- on your switch

to see ID of VLAN returned
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Inquiry

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 12/05/2020 18:02, abel sekibaala via PacketFence-users wrote:

Hello ,
please advise ,i have just deployed packetfence ,everything seems fine 
but when i connect a device to a port on which configurations are applied
1.the machine is detected in the nac server but it does not receive an 
ip address to authenticate its self to show the captive portal page for 
registration so i have to register it manually


By default, PacketFence will return VLAN ID 2 (registration VLAN) to 
your switch when device is unregistered.


1. Are you sure this VLAN is created on your network device ?
2. Did you define a registration interface on your PacketFence server in 
registration VLAN ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Reeavulate Access Log Warning

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 18/05/2020 17:22, Chad Jemison via PacketFence-users wrote:
May 18 11:18:09 nac packetfence_httpd.aaa: httpd.aaa(2311) WARN: 
[mac:64:16:7f:57:c7:a3] Illegal hexadecimal digit '


' ignored at /usr/local/pf/lib/pf/Switch/HP/Procurve_2920.pm line 57.

(pf::Switch::HP::Procurve_2920::getVoipVsa)

The above is generated when I do a Reeavulate Access on a node. I am 
using a mix of HP 2920 and Aruba 2930F switches with the Aruba::2930M 
template. CoA is disabled and Deauthentitcation Method is SNMP. VOIP, 
VoIPLLDPDetect and DHCPDetect are set to yes. Is this warning a concern?


1. What do you see in RADIUS Audit Log (RADIUS reply) when you connect a 
VoIP device on your switch that use Procurve_2920.pm switch template ?


2. Which VLAN is associated to voice role in your switch config ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] packet fence security event manual trigger or trigger through command line

[Nicolas Quiniou-Briand via PacketFence-users]

On 18/05/2020 20:06, Jean Matar wrote:

Dear Nicolas,

Thank you for getting back to me regarding the matter !

would you be kind enough to explain how to use pfcmd security_event ? as 


Take a look at [1].

pfcmd is located in /usr/local/pf/bin/pfcmd.

Try: `/usr/local/pf/bin/pfcmd security_event help`


- [1] https://packetfence.org/doc/PacketFence_Installation_Guide.html#_pfcmd
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Print AUP

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 14/05/2020 16:49, Franklin, Adam via PacketFence-users wrote:
In packetfence V10 is there a way to print the AUP when creating a new 
user?
You mean having AUP printed with username/password of user when you 
create user(s) and click on "Preview" ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] firefox print issue

[Nicolas Quiniou-Briand via PacketFence-users]

On 14/05/2020 14:17, Schimanski Tobias via PacketFence-users wrote:
I’ve got an issue, if I create multiple user accounts everything works 
fine, but when I want to print the user list, firefox print only the 
first page. In Chrome or Opera the print is fine.


I'm able to reproduce the issue. I will see with front-end developpers.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence pass auth but not assigning Role.

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 15/05/2020 18:36, Fetakungen Virtual Adventurer via PacketFence-users 
wrote:

why does the username not match any policy for the role assignment ?


According to logs provided, your machine is doing MAC Authentication (in 
place of 802.1X):



May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: 
[mac:c4:65:16:9e:b4:e6] handling radius autz request: from switch_ip => 
(10.0.20.2), connection_type => Ethernet-NoEAP



so I'm almsot sure your authentication source is not evaluated.

You should configure your supplicant to do 802.1X (Ethernet-EAP).
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] packet fence security event manual trigger or trigger through command line

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Jean,

There is several ways to trigger a security event:
- using web admin: you can trigger a security event on a node using 
Security Event tab

- using REST API [1], you can find an example here [2]
- using `pfcmd security_event` on CLI


- [1] https://packetfence.org/doc/api/
- [2] 
https://packetfence.org/doc/PacketFence_Developers_Guide.html#_how_to_use_the_api

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fwd: PF 10.0.0 Zen Web admin can't log in after setting timezone

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

You need to run this command connected to your database.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF10 Inactive since bug

[Nicolas Quiniou-Briand via PacketFence-users]

For the record : https://github.com/inverse-inc/packetfence/issues/5386
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 10.0.0 Zen Web admin can't log in after setting timezone

[Nicolas Quiniou-Briand via PacketFence-users]

Hi Carey,

Thanks for your report.

It a bug in PacketFence, I reported it here [1]. Feel free to add comments.

As a workaround after you reboot your server, you can run:
#v+
UPDATE password SET valid_from = NOW() where pid='admin'\G;
#v-

[1] https://github.com/inverse-inc/packetfence/issues/5390
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] OpenVAS - Greenbone Security Assistant

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

Could you describe which OpenVAS setup you have ? (GSM/GSA/GOS/GVM/GCE)
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence iptables-restore issues and windbind domain join not working after upgrade to 10

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Tomasz,

On 23/04/2020 11:52, Tomasz Karczewski via PacketFence-users wrote:
There is missing kernel module dkms-ipt-netflow in packetfence-zen 
installation


Solution is to reinstall module.

yum reinstall dkms-ipt-netflow --enablerepo=packetfence

After reinstallation iptables started properly.


Thanks for your bug report. I opened an issue on your bug tracker [1].

We will publish a new ZEN soon.

[1] https://github.com/inverse-inc/packetfence/issues/5388

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfacct crash after update to 10.0

[Nicolas Quiniou-Briand via PacketFence-users]

On 22/04/2020 14:49, Robert McNutt via PacketFence-users wrote:
How do I get the patched binary, I cant find pf-maint.pl 
 and yum update doesnt find any new packages.

Robert McNutt


/usr/local/pf/addons/pf-maint.pl

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 10.0.0 webadmin won't start after Upgrade

[Nicolas Quiniou-Briand via PacketFence-users]

On 22/04/2020 12:44, felix13890--- via PacketFence-users wrote:
AH00558: httpd: Could not reliably determine the server's fully 
qualified domain name, using 172.20.5.14. Set the 'ServerName' directive 
globally to suppress this message


This message doesn't mean that web admin is not started. Could you give 
us output of /usr/local/pf/bin/pfcmd service pf status ?



--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence iptables-restore issues and windbind domain join not working after upgrade to 10

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Robert,

On 20/04/2020 21:47, Robert McNutt via PacketFence-users wrote:

Anyine else having issues?


It's certainly an issue with your kernel packages.

Are you sure you followed these instructions [1] before upgrading your 
PacketFence packages ?


[1] 
https://packetfence.org/doc/PacketFence_Upgrade_Guide.html#_kernel_development_package


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfacct crash after update to 10.0

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Cristian,

Thanks for reporting this issue. It has been fixed in maintenance and we 
are uploading a new pfacct binary.


When following pipeline [1] passed, you can run pf-maint.pl to get a 
patched pfacct.


[1] 
https://gitlab.com/inverse-inc/packetfence/-/commit/1bb6989574d8d69f4ef99ceaab6b6a3d2fc7cfd9

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 10.0.0 Zen Web admin can't log in after setting timezone

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Carey,

On 18/04/2020 04:11, Carey Pillar via PacketFence-users wrote:
If I set my timezone when first configuring the new PF 10 Zen, then 
reboot CentOS, I cannot log back in.  Admin portal says "wasn't able to 
authenticate those credentials".  Nothing looks off in pf.conf 
compared to the same in 9.3.0.  I'm fine until I reboot.


1. Is it an upgrade or a fresh install on PF 10 ZEN ?
2. How did you set your timezone ?
3. Did you see something in /usr/local/pf/logs ?

Thanks for your report.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SAML Authentication Failing - httpd_portal_err Could not read KeyInfo

[Nicolas Quiniou-Briand via PacketFence-users]

For the record, the issue was not with Lasso 2.5.1 but with IDP 
certificate file on PF side that don't have: "BEGIN/END" tags.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SAML Authentication Failing - httpd_portal_err Could not read KeyInfo

[Nicolas Quiniou-Briand via PacketFence-users]

Hi Jonathan,

PacketFence is shipped with lasso 2.5.1, it seems lasso 2.6 add supports 
for SHA256 certificates.


Could you try to upgrade lasso packages to 2.6 using following procedure:
#v+
# cat >> /etc/yum.repos.d/lemonldap-ng.repo << EOF
[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras/\$releasever
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2
EOF

# curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > 
/etc/pki/rpm-gpg/RPM-GPG-KEY-OW2


# yum upgrade lasso lasso-perl
#v-

To revert changes, you need to run:
#v+
# yum downgrade lasso lasso-perl --enablerepo=packetfence
# rm -f /etc/yum.repos.d/lemonldap-ng.repo
#v-

Let me know if it works.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Issues with logging into admin portal via AD group membership

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 03/02/2020 21:37, Christian McDonald via PacketFence-users wrote:

So, I'm guessing authentication sources operate on a first-match
basis? Meaning, that if I had an authentication source that matched
the user but *didn't apply* an administration access level at say
priority 1, any additional authentication sources scoped to the same
Base DN with matches would be ignored?
This is exactly what I've described in this issue: 
https://github.com/inverse-inc/packetfence/issues/3631


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device

[Nicolas Quiniou-Briand via PacketFence-users]

On 10/02/2020 19:26, Rokkhan wrote:
Let me know if it happens the same on your deployment to verify if its 
just my servers or a bug.


When you make a manual edit in a conf file, you should run: `pfcmd 
configreload hard` on CLI.


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence Cluster, one member not authenticating clients

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

On 11/02/2020 09:17, Franck Rakotonindrainy via PacketFence-users wrote:
but when radius (AD) authentication is send to the node I call 9-1, it 
never succeed


1. Did you see something interesting in packetfence.log or radius.log on 
9-1 node ?


2. If you use EAP-PEAP, are you sure 9-1 is correctly joined to an AD 
domain ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device

[Nicolas Quiniou-Briand via PacketFence-users]

Hi,

You identified a bug, reported here [1]. As a workaround, you can 
replace id of role in portal_modules.conf by **name** of you role:


#v+
actions=set_role(BYOD-Role),set_unregdate(2030-02-05)
#v-

[1] https://github.com/inverse-inc/packetfence/issues/5133
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] customizing security event email notifications

[Nicolas Quiniou-Briand via PacketFence-users]

Hello MJ,

HTML files are generated from MJML files using a Makefile in yout Git 
repository. Unless you know how to re-generate HTML files from MJML 
files, you should edit HTML files.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Auegas configuration of switches.conf

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 07/02/2020 15:38, Pär Stolpe via PacketFence-users wrote:

yes we have considered templates but:
With templates the configuration file becomes static, with Auegas we may modify 
only the changes we need to be controlled and may use the gui for everything 
else.
I understand but you should be able to have same behavior with module 
different than Augeas. With Ansible, there is a ini module that allow 
you to edit only a specific key/value in a conf file.



Templates do not consider upstream changes, with Auegas it's easier to upgrade 
if new features demands changes in default config files.


It depends how you generate template. If you're able to generate 
template from a YAML dictionnary in your inventory, you can keep in sync 
with upstream as long as you update your inventory.



Preferably if there is a way to set the key and values in the config file as 
something like below and thus avoid the / in the key-value [ key ] ?

[switch-name]
ipv4=
ipv6=
mac=


I don't think so, you can create a feature request on your bug tracker: 
https://github.com/inverse-inc/packetfence/issues/new?assignees==Type%3A+Feature+%2F+Enhancement=feature_request.md=

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 07/02/2020 18:45, Rokkhan wrote:

Do you mean to configure manually in the portal_modules.conf file?


I will try to reproduce this issue and give you a feedback.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Admin interface not loading on new install.

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

Try to run `systemctl status packetfence-httpd.admin`.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Inline - cluster 9.1

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 10/02/2020 09:31, Daniele Rosati via PacketFence-users wrote:

or each node should have a different one?


Each node should have a different IP.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Auegas configuration of switches.conf

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 04/02/2020 17:16, Pär Stolpe via PacketFence-users wrote:
We see that it might be feasible to check for a variable first and if 
set accept a description as the key otherwise default to the standard 
behavior.


Could you rephrase because I'm not sure to understand what you mean ?
Did you consider using a template module in place of Augeas module ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

You should not use category_id of role in your authentication rule but 
role name.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] [External] Re: Parking troubles

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Peter,

On 05/02/2020 20:31, Truax, Peter via PacketFence-users wrote:

Hello Nicolas,

I ran the pf-maint.pl as requested and copied the httpdispatcher.conf file. I 
went to github 
(https://github.com/inverse-inc/packetfence/commit/33b43f8576637c2ae154fbfbee81cd1e6ea95bc0
 ) and verified all of the changes were made correctly in proxy.go as well as 
Root.pm.


I forgot to mention that you need to run "pfcmd configreload hard". Be 
sure to restart services too.



I am still getting TOO_MANY_REDIRECTS error when parking is enabled. Any other 
suggestions? I don't see anything in the haproxy_portal.log file to indicate 
many redirects on my test device.


Did you clear your cache ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] CLI /usr/local/pf/bin/pfcmd node view all output

[Nicolas Quiniou-Briand via PacketFence-users]

It has been backported to maintenance branches.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] CLI /usr/local/pf/bin/pfcmd node view all output

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Dmitry,

I reported this bug [1], thanks for your report.

[1] https://github.com/inverse-inc/packetfence/issues/5116
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] CLI /usr/local/pf/bin/pfcmd node view all output

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

1. Why PF version are you running ?

2. Could you provide output of: `show tables` at MariaDB prompt ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] customizing security event email notifications

[Nicolas Quiniou-Briand via PacketFence-users]

Hello MJ,

On 04/02/2020 10:39, lists via PacketFence-users wrote:
We could of course customize the files there, but we are unsure how well 
this would work with packetfence updates. Plus: do we edit the html or 
the mjml file? Or both? Can this be done from the GUI?


You can directly edit HTML files on your connection profile using 
"Files" tab. These files will be created in a dedicated directory and 
will not cause issue after an upgrade. I will give you an answer later 
regarding MJML or HTML files.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Parking troubles

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Peter,

On 03/02/2020 19:03, Truax, Peter via PacketFence-users wrote:
We are having trouble getting our parking portal working after upgrading 
to 9.2 from 9.0.1. When a user tries to go to the registration portal 
and they have been parked, the browser just displays and error of 
TOO_MANY_REDIRECTS.


This bug [1] has been fixed in 9.3.0 and should be available in 
maintenance branch for your PF version.


Procedure is slighty different than usual:
- apply maintenance patches: /usr/local/pf/addons/pf-maint.pl
- replace httpdispatcher.conf by httpdispatcher.conf.example:
#v+
cp -f conf/caddy-services/httpdispatcher.conf.example 
conf/caddy-services/httpdispatcher.conf

#v-
- restart pf services: /usr/local/pf/bin/pfcmd service pf restart


[1] https://github.com/inverse-inc/packetfence/issues/4974
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] device profiling discrepancy | security event

[Nicolas Quiniou-Briand via PacketFence-users]

For the record, it's a bug in PF: 
https://github.com/inverse-inc/packetfence/issues/5106

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Allowing different access levels for MAB vs EAP-TLS clients

[Nicolas Quiniou-Briand via PacketFence-users]

Hello David,

On 30/01/2020 15:54, David Harvey via PacketFence-users wrote:
I currently have a functional setup where users get allocated their 
VLANs properly regardless of if they do MAB or EAP, but I've not for 
love nor money been able to work out how to discriminate between the two 
effectively.
You can use two connection profiles to distinguish EAP-TLS and MAB (on 
wired):

#v+
# cat profiles.conf
[eap-tls]
locale=
filter=connection_type:Ethernet-EAP,connection_sub_type:EAP-TLS

[mab]
locale=
filter=connection_type:Ethernet-NoEAP
#v-

But IIRC, handle broken EAP clients could be tricky. In fact, it's hard 
to distinguish a bad configured supplicant from an unauthorized 
supplicant. I'm not sure your network devices will always fallback to 
MAB when you've a bad configured supplicant that receive a RADIUS reject 
message (e.g. due to an expired cert). RADIUS and VLAN filters could 
certainly help you.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Inline Guest Network Registration Certificate Issues

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Charles,

1. Which error message did you get in Firefox ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] change enforcement

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 20/01/2020 13:15, saskatooner Canada via PacketFence-users wrote:
How can I change the enforcement mode? I want to 
reject the unknown requests, I dont want to accept them and put them in 
registration vlan...


In your network devices, on Roles tab, under "Roles by VLAN ID", replace 
ID of VLAN mapped to registration role by value -1.


This will return a RADIUS Reject message when a node get registration 
role (default role when a node is not able to get a role during 
authorization step).

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Problem with scan

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 24/01/2020 10:18, Liborio La Fortezza via PacketFence-users wrote:

Hi
i have the following problem. After logging in through the captive 
portal or directly from the 802.1x supplicant (the behavior is the same) 
I am not redirected to the page for scanning but directly to the page 
for connection testing. From the logs i see that scan starts anyway but 
is interrupted due to the end of the registration process.


Which lines did you see in packetfence.log for a specific MAC ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Fingerbank and softnet_stat issues with version 9.2

[Nicolas Quiniou-Briand via PacketFence-users]

On 24/01/2020 16:51, Serhiy Morhun via PacketFence-users wrote:

Do you still want a tcpdump?

Yes.

Peter, feel free to send me a tcpdump too.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] cloned security event, untriggerable

[Nicolas Quiniou-Briand via PacketFence-users]

Hi MJ,

On 24/01/2020 12:08, mj via PacketFence-users wrote:

What is required for a security event to show up there?


I'm not able to replicate your issue on a 9.3 setup. Try to refresh your 
browser cache. When you click on Nodes menu, an API call is made to get 
all security events. Web browser will then use this list to display 
security events triggerable on a node.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Maintenance patches

[Nicolas Quiniou-Briand via PacketFence-users]

For the record, take a look at this thread [1] on packetfence-devel 
mailing-list.


[1] 
https://www.mail-archive.com/packetfence-devel%40lists.sourceforge.net/msg01322.html

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Fingerbank and softnet_stat issues with version 9.2

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 23/01/2020 17:07, Serhiy Morhun via PacketFence-users wrote:
Not for us. My fingerbank.log is not filling up with errors anymore, but 
I still get hourly limit emails within minutes (2-5) of each hour.


1. How many endpoints do you have on your network ?
2. Could you send me in private message result file of following 
command: `tcpdump -nlp -i any -w full.pcap` when you have issue ?


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Possibilty running 802.1x with PacketFence without AD

[Nicolas Quiniou-Briand via PacketFence-users]

On 23/01/2020 16:13, Mochamad Ryan Ridwan wrote:

username and password , I used from tab Users
is it right ?
Yes but as mentioned in Install Guide, you need to have passwords stored 
in DB using NTLM hash.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Microsoft hardening AD/LDAP connections in March updates

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

I tested those changes today with a PacketFence server.

If your AD authentication sources don't use a LDAPS or StartTLS 
connection, these changes will break them.


You need to switch to StartTLS or LDAPS.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Possibilty running 802.1x with PacketFence without AD

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 23/01/2020 08:52, Mochamad Ryan Ridwan via PacketFence-users wrote:

Should it 802.1x integrated with AD or not?


No, you can use a local users if you prefer [1].

[1] 
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_eap_local_user_authentication

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Fingerbank and softnet_stat issues with version 9.2

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

Julien has fixed a bug that generate too many API requests with 
fingerbank-collector in fingerbank-collector 1.2.3. You can upgrade your 
 package.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ver 9.3 - BUG on INTERFACE --- NEW VLAN

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Giacinto,

Issue was: https://github.com/inverse-inc/packetfence/issues/5067

It has been fixed in maintenance branch, run pf-maint.pl and restart PF 
services to get a fix.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ver 9.3 - BUG on INTERFACE --- NEW VLAN

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Giacinto,

Thanks for your report. I just created an issue on your bug tracker [1], 
feel free to add comments.


As a workaround, use old admin to configure your network interface.

[1]
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Clients not disconnecting when deregistered

[Nicolas Quiniou-Briand via PacketFence-users]

Hi Andrew,

1. Is it possible this device was already disconnected from WLC ?
2. Could you try with another client that is connected to WLC when you 
unreg from PF ?
3. After you test 2, provide us packetfence.log with lines related to 
MAC of your other client and WLC logs.


Thanks.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: Fingerbank and softnet_stat issues with version 9.2

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

We are checking if it possible to disable feature that increase API 
requests. We will keep you informed.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users