[PacketFence-users] Unable to find packetfence android agent on google´s play store
Hello, I am unable to find packetfence android agent on google´s play store. I have tried on different devices. Last week I did install it on a device. ¿has it been removed? Greetings ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device
Hi Nicolas, Thanks, I have noted for a next time. I did a server reboot and took the role name change. Greetings El mar., 11 feb. 2020 a las 14:00, Nicolas Quiniou-Briand () escribió: > > > On 10/02/2020 19:26, Rokkhan wrote: > > Let me know if it happens the same on your deployment to verify if its > > just my servers or a bug. > > When you make a manual edit in a conf file, you should run: `pfcmd > configreload hard` on CLI. > > -- > Nicolas Quiniou-Briand > n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca > Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence > (https://packetfence.org) and Fingerbank (http://fingerbank.org) > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device
Hi Nicolas, You were right! I have modified manually the portal_modules.conf file using the category name instead the category_id and now it assigns the correct role to the node. [Byod-Auth] source_id= actions=set_role(BYOD-Role),set_unregdate(2030-02-05) I have created another auth portal through the GUI and happens the same, it looks that webpage uses the category_id but aaa process uses category_name so it looks that there is something wrong with my portal configuration webpage. After manual modification my portal role show an empty value: [image: imagen.png] Let me know if it happens the same on your deployment to verify if its just my servers or a bug. Thanks a lot! El lun., 10 feb. 2020 a las 14:09, Nicolas Quiniou-Briand () escribió: > Hello, > > On 07/02/2020 18:45, Rokkhan wrote: > > Do you mean to configure manually in the portal_modules.conf file? > > I will try to reproduce this issue and give you a feedback. > -- > Nicolas Quiniou-Briand > n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca > Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence > (https://packetfence.org) and Fingerbank (http://fingerbank.org) > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device
Hello Nicolas, Thanks for the fast answer. Do you mean to configure manually in the portal_modules.conf file? I have assigned the role to the login portal through the webgui's dropdown list, selecting role name not role id... [image: imagen.png] Greetings Hello, You should not use category_id of role in your authentication rule but role name. -- Nicolas Quiniou-Briand n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] PF 9.3.0 Clean Install / unable to assign role to a new device
Hi, Have just deployed a new packetfence 9.3.0 server on a Centos 7 Server. I have just created a new role: cat ../conf/roles.conf [BYOD-Role] max_nodes_per_pid=6 Mysql MariaDB [pf]> select * from node_category; +-+--+---+--+ | category_id | name | max_nodes_per_pid | notes | +-+--+---+--+ | 1 | default | 0 | Placeholder role/category, feel free to edit | | 2 | guest| 0 | Guests | | 3 | gaming | 0 | Gaming devices | | 4 | voice| 0 | VoIP devices | | 5 | REJECT | 0 | Reject role (Used to block access) | | 8 | BYOD-Role | 6 | NULL | +-+--+---+--+ Created a new connection profile and an Authentication::Logiin portal module that assigns this new role upon login [Byod-Auth] source_id= actions=set_role(8),set_unregdate(2030-02-05) fields_to_save= custom_fields= description=Byod-Auth with_aup=0 signup_template=signin.html pid_field=username aup_template=aup_text.html type=Authentication::Login But I am getting an error on packetfence.log saying that specifed role does not exists for pid "user" and assumed maximun number of nodes have been reached. Feb 6 19:04:28 SLX00010808 packetfence_httpd.portal: httpd.portal(2960) INFO: [mac:40:a1:08:f5:c2:ac] Successfully authenticated user (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate) Feb 6 19:04:28 SLX00010808 packetfence_httpd.portal: httpd.portal(2960) INFO: [mac:40:a1:08:f5:c2:ac] Found source Metaldap in session. (Class::MOP::Class:::around) Feb 6 19:04:28 SLX00010808 pfqueue: pfqueue(2604) INFO: [mac:unknown] Already did a person lookup for user (pf::lookup::person::lookup_person) Feb 6 19:04:28 SLX00010808 packetfence_httpd.portal: httpd.portal(2960) INFO: [mac:40:a1:08:f5:c2:ac] User user has authenticated on the portal. (Class::MOP::Class:::after) *Feb 6 19:04:28 SLX00010808 packetfence_httpd.portal: httpd.portal(2960) WARN: [mac:40:a1:08:f5:c2:ac] Specified role 8 doesn't exist for pid user (MAC 40:a1:08:f5:c2:ac); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)Feb 6 19:04:28 SLX00010808 packetfence_httpd.portal: httpd.portal(2960) ERROR: [mac:40:a1:08:f5:c2:ac] max nodes per pid met or exceeded - registration of 40:a1:08:f5:c2:ac to user failed (pf::node::node_register)* I have done a clean install so there is just 1 user created and this node only. Why does it says the role 8 does not exists? What am I doing wrong? I have another server with packetfence 7.2.0 and I think i have configured same way this server is working. if i set manually the role to the node it works ok. Any help help would be appreciatted Thanks for all ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] PF 7.2 -> PF 8.1 Migration
Hi, I am planning to migrate from current packetfence 7.2 server to 8.1, but I want to keep the current 7.2 server untouched to rollback quickly in case of problems. I am not a linux expert and i had some problemas in previous upgrades. The question is: could deploy a new clean server with the 8.1 version and migrate the node, users.. information to this server? How? Could it be possible to migrate also the packetfence-pki CA and generated user certificates? how? Thanks in advance! -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Packetfence-pki restore/ovewrite admin password
Hi, I am unable to login to packetfence-pki web interface with the admin password neither with another user I created after installation. Is there anyway to restore or overwirte the admin password? I am using Packetfence-pki 1.0.5 in centos 7 Greetings -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Howto: Migrate Packetfence 6 and Packetfence-pki from server
Hi, Due to some performance issues with Centos6 and Packetfence-PKI, I have installed a new server on Centos 7. I am doing some test and it is working OK, but how should I migrate users, nodes, CA certificate and user-certificates generated with pf6 and packetfence-pki from centos 6 to centos 7 server? Greetings. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] PF 7.2 +PF-PKI Android Provisioning questions
Hi, I am trying to configure a BYOD connection profile. I have created a connection profile with chained portal module that first asks for users to authenticate against an external ldap source and after shows a provisioning portal module that generates an user certificate and after configures another SSID with eap-tls and given certificate for Android and IOS. The connection profile works well, it authenticates users, shows the provisioning module where the certificate is generated and shows a button to install the wireless profile that launches packetfence's android app, installs the CA and user certificate on the deive, disconnects the user from the current SSID and changes to new SSID authenticating user over EAP-TLS with generated certificate but in nodes the device has not been registered, nor assigned to a role neither assigned to authenticated user. I have to connect back to original SSID where shows again the android provisioning module and click in “continue” button to register, assign the role and assign the user. What am I doing wrong? Can not this be done automatically? Here is the configuration of profile, modules…. Thanks in advance! . profiles.conf [BYOD] locale= root_module=Root_Byod filter=ssid:ATARIA description=Portal BYOD logo=/common/logo.png block_interval=10s provisioners=Android_GerBYOD,IOS_GerBYOD … portal_modules.conf [Byod] skipable=enabled actions=set_role(Byod,set_unregdate(2030-05-31) type=Provisioning description=Byod [Login_Byod] actions=set_role(Byod),set_unregdate(2030-05-31) custom_fields= description=Portal de Autenticacion para usuarios BYOD with_aup=0 signup_template=signin.html pid_field=username aup_template=aup_text.html type=Authentication::Login source_id=metaldap [chain_byod] modules=Login_Byod,Byod actions= type=Chained description=chain_byod [Root_Byod] modules=chain_byod type=Root description=Portal BYOD provisioning.conf [android] type=android description=android provisioner [ios] type=mobileconfig description=mobileconfig provisioner [accept] type=accept description=accept provisioner [deny] type=deny description=deny provisioner [Android_GerBYOD] eap_type=13 can_sign_profile=0 security_type=WPA broadcast=1 oses= type=android category=Byod pki_provider=EAP-TLS_PacketFence ssid=GerBYOD [IOS_GerBYOD] broadcast=1 oses= category=Byod eap_type=13 can_sign_profile=0 security_type=WPA type=mobileconfig ssid=GerBYOD pki_provider=EAP-TLS_PacketFence -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] PF 7.2 +PF-PKI Android Provisioning questions
Hi, I am trying to configure a BYOD connection profile. The profile works but devices are not registered automatically. I have created a connection profile with chained portal module that first asks for users to autenticate against an external ldap source and after shows a provisioning portal module where I have published provisioning profiles for Android & Apple Devices. Connection Profile BYOD -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] radiusd service not starting on PF 7.2
i can not start radiusd service on PF 7.2 but packetfence logs show like it has started without any problems: Aug 25 16:27:12 SLX00012040 packetfence: INFO pfcmd.pl(10671): Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Aug 25 16:27:20 SLX00012040 packetfence: INFO pfcmd.pl(10671): Connecting to MySQL database (pfconfig::backend::mysql::_get_db) Aug 25 16:27:27 SLX00012040 packetfence: INFO pfcmd.pl(10671): Daemon radiusd-acct took 4.481 seconds to start. (pf::services::manager:: launchService) Aug 25 16:27:32 SLX00012040 packetfence: INFO pfcmd.pl(10671): Daemon radiusd-auth took 4.608 seconds to start. (pf::services::manager:: launchService) I get this error if I try to start manually: /usr/local/pf/bin/pfcmd service radiusd start service|command Checking configuration sanity... WARNING - unknown configuration parameter general.dnsservers if you added the parameter yourself make sure it is present in conf/documentation.conf Job for packetfence-radiusd-acct.service failed because the control process exited with error code. See "systemctl status packetfence-radiusd-acct.service" and "journalctl -xe" for details. radiusd-acct|not started Job for packetfence-radiusd-auth.service failed because the control process exited with error code. See "systemctl status packetfence-radiusd-auth.service" and "journalctl -xe" for details. radiusd-auth|not started systemctl status packetfence-radiusd-acct.service ● packetfence-radiusd-acct.service - PacketFence FreeRADIUS multi-protocol accounting server Loaded: loaded (/usr/lib/systemd/system/packetfence-radiusd-acct.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since Fri 2017-08-25 16:30:49 UTC; 37s ago Docs: man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/ Process: 10957 ExecStartPre=/usr/sbin/radiusd -d /usr/local/pf/raddb -n acct -Cxm -lstdout (code=exited, status=1/FAILURE) Process: 10952 ExecStartPre=/usr/local/pf/bin/pfcmd service radiusd generateconfig (code=exited, status=0/SUCCESS) Aug 25 16:30:49 SLX00012040 radiusd[10957]: -x Turn on additional debugging (-xx gives more debugging). Aug 25 16:30:49 SLX00012040 systemd[1]: packetfence-radiusd-acct.service: control process exited, code=exited status=1 Aug 25 16:30:49 SLX00012040 systemd[1]: Failed to start PacketFence FreeRADIUS multi-protocol accounting server. Aug 25 16:30:49 SLX00012040 systemd[1]: Unit packetfence-radiusd-acct.service entered failed state. Aug 25 16:30:49 SLX00012040 systemd[1]: packetfence-radiusd-acct.service failed. Aug 25 16:30:49 SLX00012040 systemd[1]: packetfence-radiusd-acct.service holdoff time over, scheduling restart. Aug 25 16:30:49 SLX00012040 systemd[1]: start request repeated too quickly for packetfence-radiusd-acct.service Aug 25 16:30:49 SLX00012040 systemd[1]: Failed to start PacketFence FreeRADIUS multi-protocol accounting server. Aug 25 16:30:49 SLX00012040 systemd[1]: Unit packetfence-radiusd-acct.service entered failed state. Aug 25 16:30:49 SLX00012040 systemd[1]: packetfence-radiusd-acct.service failed. Runnning in debug mode: radiusd -d /usr/local/pf/raddb -n auth -XXX Mon Aug 28 16:30:01 2017 : Debug : Server was built with: Mon Aug 28 16:30:01 2017 : Debug : accounting : yes Mon Aug 28 16:30:01 2017 : Debug : authentication : yes Mon Aug 28 16:30:01 2017 : Debug : ascend-binary-attributes : yes Mon Aug 28 16:30:01 2017 : Debug : coa : yes Mon Aug 28 16:30:01 2017 : Debug : control-socket : yes Mon Aug 28 16:30:01 2017 : Debug : detail : yes Mon Aug 28 16:30:01 2017 : Debug : dhcp : yes Mon Aug 28 16:30:01 2017 : Debug : dynamic-clients : yes Mon Aug 28 16:30:01 2017 : Debug : osfc2: no Mon Aug 28 16:30:01 2017 : Debug : proxy: yes Mon Aug 28 16:30:01 2017 : Debug : regex-pcre : yes Mon Aug 28 16:30:01 2017 : Debug : regex-posix : no Mon Aug 28 16:30:01 2017 : Debug : regex-posix-extended : no Mon Aug 28 16:30:01 2017 : Debug : session-management : yes Mon Aug 28 16:30:01 2017 : Debug : stats: yes Mon Aug 28 16:30:01 2017 : Debug : tcp : yes Mon Aug 28 16:30:01 2017 : Debug : threads : no Mon Aug 28 16:30:01 2017 : Debug : tls : yes Mon Aug 28 16:30:01 2017 : Debug : unlang : yes Mon Aug 28 16:30:01 2017 : Debug : vmps : yes Mon Aug 28 16:30:01 2017 : Debug : developer: no Mon Aug 28 16:30:01 2017 : Debug : socket-timestamps: yes Mon Aug 28 16:30:01 2017 : Debug : Server core libs: Mon Aug 28 16:30:01 2017 : Debug : freeradius-server: 3.1.0 Mon Aug 28 16:30:01 2017 : Debug : talloc : 2.0.* Mon Aug 28 16:30:01 2017 : Debug : ssl : 1.0.1e
Re: [PacketFence-users] How to update PF-zen 7.1.0?
Hi, I did the upgrade correctly following the upgrade procedure without problems. Now the problem I have is that radius services does not start. I do not know if it is something related to the upgrade or something I have configured incorrectly but the installation of the pacakages gone well. Thanks for all. 2017-08-26 13:53 GMT+02:00 Akala Kehinde <kehindeak...@gmail.com>: > Hi Rokkhan, > > You can follow the guide provided by Inverse. > > https://github.com/inverse-inc/packetfence/blob/stable/UPGRADE.asciidoc > > Regards, > Kehinde > > On Thu, Aug 24, 2017 at 4:36 PM, Rokkhan via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Hi, >> >> I have recently installed packetfence-zen 7.1.0 using the OVA file. If i >> would like to upgrade to 7.2 is there any step i should take care? Or the >> upgrade procedure is the same as if have installed packetfence manually? >> >> Greetings >> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] How to update PF-zen 7.1.0?
Hi, I have recently installed packetfence-zen 7.1.0 using the OVA file. If i would like to upgrade to 7.2 is there any step i should take care? Or the upgrade procedure is the same as if have installed packetfence manually? Greetings -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Packetfence-pki IOS provisiones error
Hi, I am trying to generate certificate for IOs devices but I am unable to install the on IOs devices. I see in the documentation that I need a certificate signed by a know Certificate Authority and I have a certificate that I am using on web servers signed by godaddy but I think that i am doing something wrong because I get an error. I also tried to install the certificate sending it by email through packetfence-pki but I get a "profile error" when I try to install p12 certificate sent by email on my IOs device. I am using a Centos 6 and PF 6.5.1 server. Greetings! -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PacketFence-users Digest, Vol 110, Issue 31
Hi Fabrice, Did you see anything in the code? OCSP now is working ok, thanks a lot. Yes I am sending also the accounting info to the packetfence server. If i send the the node and then "Location" I can see the information of associated access point, but the status is offline. Greetings. > -- > > Message: 2 > Date: Tue, 20 Jun 2017 19:16:36 -0400 > From: Durand fabrice <fdur...@inverse.ca> > To: packetfence-users@lists.sourceforge.net > Subject: Re: [PacketFence-users] packetfence-pki EAP-tls users and > certificate management > Message-ID: <ea609fdd-44c0-21de-9ff3-6657e1f30...@inverse.ca> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Hello Rokkhan, > > i need to check in the code why you have this error when the certificate > already exist. > > Also the port for ocsp is 9292. > > Last thing, to have online/offline status you need to have the radius > accounting enable. > > Regards > > Fabrice > > > > Le 2017-06-19 ? 14:30, Rokkhan via PacketFence-users a ?crit : > > Hi, > > > > I am trying to configure a wireless network using pakcetfence-pki and > > user certificates. > > > > I have configured a role limited to 3 devices per user and configured > > packetfence-pki to generate user certifcates using ldap's user id > > instead of device mac adress. > > > > The issue is that when the user generates the certificate for the > > first device I get an error generating certificate that I think is > > related to that an user certifcate previously exists, because if i > > remove the previously generated certificate i do not get any error. > > > > what am i doing wrong? How can i apply the 3 device limit per user > > using eap-tls? > > > > When I connect to SSID using the generated certificate user is marked > > as login ok through radius but I get ocsp error. What port do have to > > configure in eap.conf module? 9191 9292 or 9393 ? > > > > Once the users are logged in the eap-tls ssid through radius server > > the packfence server does not show status of the device. I mean, if i > > filter to "online nodes" this devices are not shown. > > > > Greetings. > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > > > ___ > > PacketFence-users mailing list > > PacketFence-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] packetfence-pki EAP-tls users and certificate management
Hi, I am trying to configure a wireless network using pakcetfence-pki and user certificates. I have configured a role limited to 3 devices per user and configured packetfence-pki to generate user certifcates using ldap's user id instead of device mac adress. The issue is that when the user generates the certificate for the first device I get an error generating certificate that I think is related to that an user certifcate previously exists, because if i remove the previously generated certificate i do not get any error. what am i doing wrong? How can i apply the 3 device limit per user using eap-tls? When I connect to SSID using the generated certificate user is marked as login ok through radius but I get ocsp error. What port do have to configure in eap.conf module? 9191 9292 or 9393 ? Once the users are logged in the eap-tls ssid through radius server the packfence server does not show status of the device. I mean, if i filter to "online nodes" this devices are not shown. Greetings. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users