Re: [PacketFence-users] [*Suspicious Email*] clustering: minimum number of nodes

[Tomasz Karczewski via PacketFence-users]

You need 3 nodes i.a. to avoid split brain in galera cluster.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl  http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Chris Vogel via PacketFence-users 
 
Sent: Tuesday, May 7, 2024 12:18 PM
To: Daniel Zook via PacketFence-users 
Cc: Chris Vogel 
Subject: [*Suspicious Email*] [PacketFence-users] clustering: minimum number of 
nodes

UWAGA, wiadomość pochodzi z zewnętrznego serwisu. 
ZACHOWAJ OSTROŻNOŚĆ 

Hi everybody,

I need to start learning about clustering and I have a general question:

The documentation and Daniel mention that a cluster consists of three nodes.

What is the reason for the number **three**?

Wouldn't a cluster be possible with two nodes, also?


Thanks, Chris


-- 
Packetfence Matrix Room
https://matrix.to/#/%23packetfence:matrix.org


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] [*Suspicious Email*] Eduroam port 11812 not working

[Tomasz Karczewski via PacketFence-users]

1812 is for external eduroam servers.

11812 is for network devices (NAS).

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Anne Dijkstra via PacketFence-users
 
Sent: Saturday, January 21, 2023 5:54 PM
To: packetfence-users@lists.sourceforge.net
Cc: Anne Dijkstra 
Subject: [*Suspicious Email*] [PacketFence-users] Eduroam port 11812 not
working

 

Good evening everyone,

 

We are replacing our Microsoft NPS Servers with Packetfence. All is working
:) but we are running into a problem with eduroam.

I followed the manual exactly. So I created a internal source (the eduroam
servers), an external source and connection profiles.

If I understand correctly, I must use port 11812 for the eduroam external
source and add Packetfence radius server IP with port 11812 to the WiFi
controller.

But when I make an authentication request from the WiFi controller to
Packetfence on port 11812, it does nothing. The WiFi controller has error
"Connection time out". 

When I start TCPdump on the Packetfence server I only see incoming packets
from the WiFi controller, but no reply.

Moreover, the incoming eduroam packets from the world to our environment is
working (So an employee or student on an eduroam location that is not ours).

 

I hope you can help me!

Thanks for your replies.

 

 

Regards,

Anne Dijkstra 

 

Noorderpoort aanvaardt geen aansprakelijkheid voor de inhoud en aan deze
mail kunnen geen rechten worden ontleend. 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] [*Suspicious Email*] Re: SSL Cert

[Tomasz Karczewski via PacketFence-users]

No, it’s for the radius cert.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Schüller Dennis via PacketFence-users 
 
Sent: Friday, July 8, 2022 12:54 PM
To: Zammit, Ludovic 
Cc: Schüller Dennis ; PacketFence-users 

Subject: [*Suspicious Email*] Re: [PacketFence-users] SSL Cert

 

Yes, I’ve changed the „HTTP” section with the right cert. Is the “Radius” 
section for the Portal?

 

Thanks 

 


Mit freundlichen Grüßen / with kind regards 



i. A. Dennis Schüller
IT-Systemadministrator
Finanzen & Administration

dennis.schuel...@nuerburgring.de   

T +49 (2691) 302 9885
M +49 151 571 320 36
F +49 2691 302 9897

Nürburgring 1927
GmbH & Co. KG

Otto-Flimm-Straße 
53520 Nürburg
nuerburgring.de




  


Bitte schonen Sie unsere Umwelt und drucken die Email nur aus, wenn es wirklich 
notwendig ist! 
Please consider the environment before printing this email! 

 

Von: Zammit, Ludovic mailto:luza...@akamai.com> > 
Gesendet: Donnerstag, 7. Juli 2022 16:11
An: Schüller Dennis mailto:dennis.schuel...@nuerburgring.de> >
Cc: PacketFence-users mailto:packetfence-users@lists.sourceforge.net> >
Betreff: Re: [PacketFence-users] SSL Cert

 

Hello Dennis,

 

You can do it in the web admin.

 

Configuration > System Configuration > SSL Certificate 

 

Thanks,

 


Ludovic Zammit
Product Support Engineer Principal






Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142




Connect with Us:

     
    
  
 



 

On Jul 7, 2022, at 9:40 AM, Schüller Dennis mailto:dennis.schuel...@nuerburgring.de> > wrote:

 

Hey,

I’m using Version  11.2.0 on Debian 11

 

 

 


Mit freundlichen Grüßen / with kind regards 



i. A. Dennis Schüller
IT-Systemadministrator
Finanzen & Administration

dennis.schuel...@nuerburgring.de   

T +49 (2691) 302 9885
M +49 151 571 320 36
F +49 2691 302 9897

Nürburgring 1927
GmbH & Co. KG

Otto-Flimm-Straße 
53520 Nürburg
nuerburgring.de  




 

 


Bitte schonen Sie unsere Umwelt und drucken die Email nur aus, wenn es wirklich 
notwendig ist! 
Please consider the environment before printing this email!

 

Von: Zammit, Ludovic mailto:luza...@akamai.com> > 
Gesendet: Dienstag, 5. Juli 2022 15:17
An: PacketFence-users mailto:packetfence-users@lists.sourceforge.net> >
Cc: Schüller Dennis mailto:dennis.schuel...@nuerburgring.de> >
Betreff: Re: [PacketFence-users] SSL Cert

 

Hello Dennis,

 

No, there is not documentation around it but it’s pretty straight forward.

 

Which PF version are you running ?

 

Thanks,

 


Ludovic Zammit
Product Support Engineer Principal







Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142





Connect with Us:

    
 

  

  

  

 







On Jul 4, 2022, at 6:21 AM, Schüller Dennis via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net> > wrote:

 

Hey all,

is there a short HOW-TO implement an SSL Certificat for WebAdmin and One for 
the Captive-Portal?

 

Thanks!

 


Mit freundlichen Grüßen / with kind regards 



i. A. Dennis Schüller
IT-Systemadministrator
Finanzen & Administration

dennis.schuel...@nuerburgring.de   

T +49 (2691) 302 9885
M +49 151 571 320 36
F +49 2691 

Re: [PacketFence-users] [*Suspicious Email*] Authenticate both machine and user

[Tomasz Karczewski via PacketFence-users]

You need to consider to match per source serviceprincipalname or samaccountname.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Mathieu Valois via PacketFence-users 
 
Sent: Tuesday, January 18, 2022 10:17 AM
To: packetfence-users@lists.sourceforge.net
Cc: Mathieu Valois 
Subject: [*Suspicious Email*] [PacketFence-users] Authenticate both machine and 
user

 

Hello,

I would like to authenticate both machine and user using an AD authentication 
source. I've made 2 authentication sources: one for machine and one for users, 
following the installation guide.

In the Standard Connection Profiles I've set the both sources and used an ALL 
(AND) operator. However it looks like only the first matching source is used.

Is it expected?

Thank you for your help,

-- 


  

Mathieu Valois 

Bureau Caen: Quartier Kœnig - 153, rue Géraldine MOCK - 14760 
Bretteville-sur-Odon
Bureau Vitré: Zone de la baratière - 12, route de Domalain - 35500 Vitré
02 72 34 13 20 |   www.teicee.com 

     
  
 



 

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] [*Suspicious Email*] Aruba VC and RADIUS Configuration in Packetfence with Google Secure LDAP and MS AAD

[Tomasz Karczewski via PacketFence-users]

Hi,

 

Did you setup up authentication rules in your authentication sources?

Did you setup portal modules and assign it to connection profiles?

Did you setup role by switch role in switches settings?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: P.Thirunavukkarasu via PacketFence-users 
 
Sent: Wednesday, December 22, 2021 1:26 PM
To: packetfence-users@lists.sourceforge.net
Cc: P.Thirunavukkarasu 
Subject: [*Suspicious Email*] [PacketFence-users] Aruba VC and RADIUS 
Configuration in Packetfence with Google Secure LDAP and MS AAD

 

Hi Team,

Greetings

Configured the Roles, Realms, Authentication Sources (Google Secure LDAP and MS 
Azure AD for Education) in the PF. (Google Secure LDAP connection verified 
successfully)

We are using Aruba IAPs in our campus as clusters. 

Is it possible to add the Aruba Virtual Controller (VC) in the Network Devices 
group?

I can see the Aruba Switches and WLC in the Switches, not the VC. 

In the Network Configuration added the interfaces for the Registration, 
Isolation and the others for RADIUS.

In the EAP Profile I changed the default profile from PEAP to TTLS. 

My requirement is implementation of 802.1x authentication and accounting of 
wi-fi users against the Google Secure LDAP and the MS AAD associated with their 
realms. 

How to configure the RADIUS to authenticate the users with their associated 
realms in PF?

vlans are already configured in the core switch (Aruba 6300M). This vlans 
should be assigned to the users dynamically after authentication...

Regards,

Thirunavukkarasu

 

 

 

 

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Captive portal info popup

[Tomasz Karczewski via PacketFence-users]

Hello,

 

Does it possible to add "?" after login field you can click to popup short
info about login?

Example https://www.w3schools.com/howto/tryit.asp?filename=tryhow_js_popup

 

Tnx in advance for response

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PF11 Cluster - Portal Preview blank page

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I migrate Cluster to latest version (11). Update successful but when i want
to see preview page in connection profile i have blank page.

What could go make that happens?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] [*Suspicious Email*] Mac filter

[Tomasz Karczewski via PacketFence-users]

You can try do that using security events.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Derar Fares via PacketFence-users
 
Sent: Thursday, August 19, 2021 7:22 AM
To: packetfence-users@lists.sourceforge.net
Cc: Derar Fares 
Subject: [*Suspicious Email*] [PacketFence-users] Mac filter

 

Dears

 

Can I do mac vendor filtering on packetfence

 

I have wireless solution I am doing mac authentication by packetfence,

How to permit some mac vendors & refuse others.

 

 

Warm Regards

 

Derar fares

 

Senoir Network Solutions Consultant 

 

Tel:  + 962 6 5539 388 | Ext.: 610

Fax: + 962 6 5539 278

Mob:   + 962 79 6233324

Email: derar.fa...@ad-tech.com.jo
 

Address :   P.O.Box 1842 - Amman 11953 - Jordan

 



 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Back from multitenant to single default tenant

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I want to go back from multi tenant to single tenant of packetfence.

How can i do that?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sending notifications by email

[Tomasz Karczewski via PacketFence-users]

You can use violations to do that.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Robin Cortat via PacketFence-users
 
Sent: Tuesday, March 16, 2021 8:46 AM
To: Ludovic Zammit ;
packetfence-users@lists.sourceforge.net; Durand fabrice 
Cc: Robin Cortat 
Subject: [PacketFence-users] Sending notifications by email

 

Is it possible to configure packetfence to send an email alert when a new
device connects to the network?

 

If yes, how?

 

Thanks for your answer.

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Use PF as 802.1x Radius for Wifi authentication with Vlan assignment fails.

[Tomasz Karczewski via PacketFence-users]

Edit /usr/local/pf/conf/radiusd/packetfence-tunnel

# Uncomment the following line to enable local PEAP authentication

packetfence-local-auth

 

You need to change bcrypt passwords to plaintext or ntlm in
configuration#configuration/main/advanced

 

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Extra Noise via PacketFence-users
 
Sent: Friday, January 15, 2021 11:36 AM
To: packetfence-users@lists.sourceforge.net
Cc: Extra Noise 
Subject: [PacketFence-users] Use PF as 802.1x Radius for Wifi authentication
with Vlan assignment fails.

 

Hi,  

 

I would like to use PF as a Radius for wifi authentication. I created two
internal users and set the PF as radius in our wifi. Also, I created a
connection profile which should automatically register devices an I set the
filter to all Accesspoints. When I try now to connect a notebook or
smartphone with the wifi, and put the credentials in, that I get the error
"can't connect with this wifi". On the PF site I can see the Radius log
entry reject with the reason "mschap: Program returned code (1) and output
'Reading winbind reply failed! (0xc001)'"  

 

Is it not so, that when pf complains about winbin that it doesn't look at
all in the internal user db?  

 

My goal is, to create 3 different user, which all will get different vlans.
That when i will authenticate with user 1 i will get vlan 1 over wifi and
user 2 will get vlan 2 and so on.  

 

Maybe my approach was completely wrong? Or I missed something somewhere? 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Wildcard SSL certificate installation on PF

[Tomasz Karczewski via PacketFence-users]

Intermediates.crt -> intermediate certs + CA

server.crt -> Server certificate

server.key -> Key

server.pem -> Server.crt + intermediates.crt + server.key (from top to bottom)

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: ypefti--- via PacketFence-users  
Sent: Friday, November 13, 2020 4:55 AM
To: packetfence-users@lists.sourceforge.net
Cc: ype...@gmail.com
Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF

 

It is some sort of conspiracy.

No luck at all. Maybe someone will tell me what else to do to install an 
external SSL certificate to PF. 

The server.key is also there, in the same folder. Do I really need *.pem file ?

I didn’t receive it from CA. Fine, I converted *.crt to *.pem, still doesn’t 
fly.

Why am I getting this error on PF GUI ?

 

A networking error occurred. Is the API service running?

 

Eugene

 

From: E.P. mailto:ype...@gmail.com> > 
Sent: Thursday, November 12, 2020 3:03 PM
To: 'Michael Brown' mailto:michaelbrow...@yahoo.com> 
>; packetfence-users@lists.sourceforge.net 
 
Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on PF

 

Thank you, Michael.

I did it almost the same way. 

What I don’t understand is the logic of PF and Apache integration.

It appears that the original Apache config file, i.e. httpd.conf is useless and 
not in use by PF

I will play and explore the SAN attribute in the certificate

 

Eugene

 

From: Michael Brown mailto:michaelbrow...@yahoo.com> 
> 
Sent: Thursday, November 12, 2020 1:47 PM
To: packetfence-users@lists.sourceforge.net 
 
Cc: ype...@gmail.com  
Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF

 

I have a wildcard from Digicert and used this to get the cert:

  Apache: 
CSR & SSL Installation (OpenSSL)

 






 








Apache: CSR & SSL Installation (OpenSSL)


Apache: Generating your Apache CSR with OpenSSL and installing your SSL 
certificate and Mod_SSL web server confi...

 

 

Also, when requesting the duplicate from Digicert it allows you to enter 
additional SANs beyond the *.domain.com.  I put my pf.domain.com as one of the 
SANs when requesting the duplicate.  I also used WinSCP to connect to my 
packetfence server to get the csr and key files.  I know that's not needed but 
just thought I would mention it.  

 

 

 

 

On Thursday, November 12, 2020, 04:29:50 PM EST, ypefti--- via 
PacketFence-users <  
packetfence-users@lists.sourceforge.net> wrote: 

 

 

More digging, more tries, more frustrations 
Further to my previous email. I replaced three files from SSL folder with files 
that correspond to the new certificated, i.e.
/usr/local/pf/conf/ssl/server.key
/usr/local/pf/conf/ssl/server.crt
/usr/local/pf/conf/ssl/server.pem

PF web interface said bye-bye to me. Why do I see this error in 
/usr/local/pf/logs/httpd.webservices.error

Nov 12 13:04:07 pf httpd_webservices_err: AH00558: httpd: Could not reliably 
determine the server's fully qualified domain name, using 
fe80::250:56ff:fe8a:e674. Set the 'ServerName' directive globally to suppress 
this message

What happened to Apache and PF ?

And what drives me mad is the fact that if I put old certificate files back I 
still can't login via PF GUI.
Having this error:

A networking error occurred. Is the API service running?

Eugene


-Original Message-
From:   ype...@gmail.com <  
ype...@gmail.com> 
Sent: Thursday, November 12, 2020 11:26 AM
To:   
packetfence-users@lists.sourceforge.net
Cc: 'mj' <  li...@merit.unu.edu>
Subject: RE: [PacketFence-users] Wildcard SSL certificate installation on PF

Thank you, MJ,
It looks like questions asked here are replied selectively.
At least out of 4 questions that I asked only this one was finally "noticed" 
after the resend 
I wouldn't bother the list with my questions if the procedure is well 
documented and works.
The existing documentation mentions only this:


"Upon PacketFence installation, self-signed certificates will be created in 
/usr/local/pf/conf/ssl (server.key and server.crt). Those certificates can be 
replaced anytime by your 3rd-party or existing wild card certificate without 
problems. Please note that the CN (Common Name) needs to be the same as the one 

Re: [PacketFence-users] Packetfence captive portal with external DHCP server

[Tomasz Karczewski via PacketFence-users]

You need to create routed networks for each external network and use dhcp relay 
on your network devices.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Aimen Asfour via PacketFence-users 
 
Sent: Monday, August 31, 2020 4:17 PM
To: packetfence-users@lists.sourceforge.net
Cc: Aimen Asfour 
Subject: Re: [PacketFence-users] Packetfence captive portal with external DHCP 
server

 

Hello Nicolas,

 

Thank you for response, in that case is there a way to keep only one network 
interface that handles DHCP requests for multiple subnets instead of having to 
create one interface per subnet, we handle multiple sites each with their own 
network configuration and we need a centralized DHCP server that handles them 
all which is why we tried to use the one we have to handle DHCP requests for 
registration VLAN

 

Thanks,

  _  

De : Nicolas Quiniou-Briand via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net> >
Envoyé : Monday, August 31, 2020 3:26:49 PM
À : packetfence-users@lists.sourceforge.net 
  
mailto:packetfence-users@lists.sourceforge.net> >
Cc : Nicolas Quiniou-Briand mailto:n...@inverse.ca> >
Objet : Re: [PacketFence-users] Packetfence captive portal with external DHCP 
server 

 

Hello,

I recommend you to keep PacketFence as DNS and DHCP server in 
registration VLAN.

-- 
Nicolas Quiniou-Briand
n...@inverse.ca    ::  +1.514.447.4918 *140  ::  
https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
 
https://lists.sourceforge.net/lists/listinfo/packetfence-users



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Updating from PF 9.3.0 to 10.1.0 results in error and failure to start radiusd

[Tomasz Karczewski via PacketFence-users]

Try this in /usr/local/pf/conf/radiusd/eap_profiles.conf

 

[default]

default_eap_type=PEAP

eap_authentication_types=TTLS,TLS,PEAP,MD5,MSCHAPV2,GTC,LEAP,FAST

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Brenek, Benjamin  
Sent: Monday, August 24, 2020 3:17 PM
To: packetfence-users@lists.sourceforge.net
Cc: Tomasz Karczewski 
Subject: Re: [PacketFence-users] Updating from PF 9.3.0 to 10.1.0 results in
error and failure to start radiusd

 

I followed:
<https://packetfence.org/doc/PacketFence_Clustering_Guide.html#_performing_a
n_upgrade_on_a_cluster>
https://packetfence.org/doc/PacketFence_Clustering_Guide.html#_performing_an
_upgrade_on_a_cluster and did perform the update commands.

 

I did not run pf-maint.pl after update as its not in any of the upgrade
docs. Is this a requirement?

 

Here is the output of catting 

 

cat /usr/local/pf/conf/radiusd/eap_profiles.conf 

[default]

eap_authentication_types=1

 

Thank you,

 

Ben

  _  

From: Tomasz Karczewski via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net> >
Sent: Thursday, August 20, 2020 3:07 AM
To: packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
mailto:packetfence-users@lists.sourceforge.net> >
Cc: Tomasz Karczewski 
Subject: Re: [PacketFence-users] Updating from PF 9.3.0 to 10.1.0 results in
error and failure to start radiusd 

 

CAUTION: This email originated from outside of BAYADA. Beware of links and
attachments.

 

Did you run needed updates from /usr/local/pf/addons/upgrade/

Did you run pf-maint.pl after update?

What do you have in /usr/local/pf/conf/radiusd/eap_profiles.conf

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Brenek, Benjamin via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net> > 
Sent: Wednesday, August 19, 2020 7:01 PM
To: packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net> 
Cc: Brenek, Benjamin mailto:bbre...@bayada.com> >
Subject: [PacketFence-users] Updating from PF 9.3.0 to 10.1.0 results in
error and failure to start radiusd

 

Hi All,


I testing upgrading from PF 9.3.0 to 10.1.0 in a cluster, but every time I
try to upgrade, I get the following error on all nodes after the upgrade:

 

Aug 19 12:49:38 node03.domain.com systemd[1]: Starting PacketFence
FreeRADIUS multi-protocol proxy load-balancer server... 

-- Subject: Unit packetfence-radiusd-load_balancer.service has begun
start-up

-- Defined-By: systemd

-- Support:  <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit packetfence-radiusd-load_balancer.service has begun starting up.

Aug 19 12:49:38 node03.domain.com systemd[1]:
packetfence-radiusd-auth.service holdoff time over, scheduling restart.

Aug 19 12:49:38 node03.domain.com systemd[1]: Cannot add dependency job for
unit systemd-logind.service, ignoring: Unit is masked.

Aug 19 12:49:38 node03.domain.com systemd[1]: Cannot add dependency job for
unit mariadb.service, ignoring: Unit is masked.

Aug 19 12:49:38 node03.domain.com systemd[1]: Stopped PacketFence FreeRADIUS
authentication multi-protocol authentication server.

-- Subject: Unit packetfence-radiusd-auth.service has finished shutting down

-- Defined-By: systemd

-- Support:  <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit packetfence-radiusd-auth.service has finished shutting down.

Aug 19 12:49:38 node03.domain.com systemd[1]: Starting PacketFence
FreeRADIUS authentication multi-protocol authentication server...

-- Subject: Unit packetfence-radiusd-auth.service has begun start-up

-- Defined-By: systemd

-- Support:  <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit packetfence-radiusd-auth.service has begun starting up.

Aug 19 12:49:40 node03.domain.com pfstats[31084]: t=2020-08-19T12:49:40-0400
lvl=info msg="Calling Unified API on uri:
<https://127.0.0.1:/api/v1/queues/stats>
https://127.0.0.1:/api/v1/queues/stats; pid=31084

Aug 19 12:49:40 node03.domain.com pfhttpd[31216]: api-frontend-access
127.0.0.1 - - [19/Aug/2020:12:49:40 -0400] "GET /api/v1/queues/stats
HTTP/1.1" 200 1209 "-" "Go-http-

Re: [PacketFence-users] Updating from PF 9.3.0 to 10.1.0 results in error and failure to start radiusd

[Tomasz Karczewski via PacketFence-users]

Did you run needed updates from /usr/local/pf/addons/upgrade/

Did you run pf-maint.pl after update?

What do you have in /usr/local/pf/conf/radiusd/eap_profiles.conf

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Brenek, Benjamin via PacketFence-users
 
Sent: Wednesday, August 19, 2020 7:01 PM
To: packetfence-users@lists.sourceforge.net
Cc: Brenek, Benjamin 
Subject: [PacketFence-users] Updating from PF 9.3.0 to 10.1.0 results in
error and failure to start radiusd

 

Hi All,


I testing upgrading from PF 9.3.0 to 10.1.0 in a cluster, but every time I
try to upgrade, I get the following error on all nodes after the upgrade:

 

Aug 19 12:49:38 node03.domain.com systemd[1]: Starting PacketFence
FreeRADIUS multi-protocol proxy load-balancer server... 

-- Subject: Unit packetfence-radiusd-load_balancer.service has begun
start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit packetfence-radiusd-load_balancer.service has begun starting up.

Aug 19 12:49:38 node03.domain.com systemd[1]:
packetfence-radiusd-auth.service holdoff time over, scheduling restart.

Aug 19 12:49:38 node03.domain.com systemd[1]: Cannot add dependency job for
unit systemd-logind.service, ignoring: Unit is masked.

Aug 19 12:49:38 node03.domain.com systemd[1]: Cannot add dependency job for
unit mariadb.service, ignoring: Unit is masked.

Aug 19 12:49:38 node03.domain.com systemd[1]: Stopped PacketFence FreeRADIUS
authentication multi-protocol authentication server.

-- Subject: Unit packetfence-radiusd-auth.service has finished shutting down

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit packetfence-radiusd-auth.service has finished shutting down.

Aug 19 12:49:38 node03.domain.com systemd[1]: Starting PacketFence
FreeRADIUS authentication multi-protocol authentication server...

-- Subject: Unit packetfence-radiusd-auth.service has begun start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit packetfence-radiusd-auth.service has begun starting up.

Aug 19 12:49:40 node03.domain.com pfstats[31084]: t=2020-08-19T12:49:40-0400
lvl=info msg="Calling Unified API on uri:
https://127.0.0.1:/api/v1/queues/stats; pid=31084

Aug 19 12:49:40 node03.domain.com pfhttpd[31216]: api-frontend-access
127.0.0.1 - - [19/Aug/2020:12:49:40 -0400] "GET /api/v1/queues/stats
HTTP/1.1" 200 1209 "-" "Go-http-client/1.1"

Aug 19 12:49:41 node03.domain.com radiusd[32336]: FreeRADIUS Version 3.0.21

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Copyright (C) 1999-2019
The FreeRADIUS server project and contributors

Aug 19 12:49:41 node03.domain.com radiusd[32336]: There is NO warranty; not
even for MERCHANTABILITY or FITNESS FOR A

Aug 19 12:49:41 node03.domain.com radiusd[32336]: PARTICULAR PURPOSE

Aug 19 12:49:41 node03.domain.com radiusd[32336]: You may redistribute
copies of FreeRADIUS under the terms of the

Aug 19 12:49:41 node03.domain.com radiusd[32336]: GNU General Public License

Aug 19 12:49:41 node03.domain.com radiusd[32336]: For more information about
these matters, see the file named COPYRIGHT

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Starting - reading
configuration files ...

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Debugger not attached

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_redis: libhiredis
version: 0.12.1

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_redis: libhiredis
version: 0.12.1

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Creating attribute
Unix-Group

Aug 19 12:49:41 node03.domain.com httpd_portal[31698]: - - -
[19/Aug/2020:12:49:41 -0400] "GET /captive-portal HTTP/1.0" 302 508 74 3792
"-" "HAPROXY-load-balancing-check"

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_sql (sql): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Creating attribute
SQL-Group

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_sql (pfguest): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Creating attribute
pfguest-SQL-Group

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_sql (pfsponsor):
Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Creating attribute
pfsponsor-SQL-Group

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_sql (pfsms): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

Aug 19 12:49:41 node03.domain.com radiusd[32336]: Creating attribute
pfsms-SQL-Group

Aug 19 12:49:41 node03.domain.com radiusd[32336]: rlm_sql 

Re: [PacketFence-users] Unregister user upon linkdown

[Tomasz Karczewski via PacketFence-users]

Thats right in case you are doing vlan enforcement.
Question is if that is dns or vlan enforcement environment.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl  http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users
 
Sent: Thursday, August 20, 2020 1:54 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Unregister user upon linkdown

Hi,

On 18/08/2020 15:02, Tomasz Karczewski via PacketFence-users wrote:
> MAB should take care of radius accounting stop.

That's not the case at the moment as described in [1].

If you enable this setting in a MAB scenario with a captive portal
registration, your network device will send a RADIUS accounting stop message
when PacketFence will move device from registration VLAN to production VLAN.
Consequently, your device will be registrered/unregistered endlessly.

[1]
https://github.com/inverse-inc/packetfence/commit/bd29c1d9b30e27aa632688b08d
f4434b914cd3fc

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse
inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unregister user upon linkdown

[Tomasz Karczewski via PacketFence-users]

MAB should take care of radius accounting stop.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl  http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users
 
Sent: Tuesday, August 18, 2020 2:51 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Unregister user upon linkdown

Hi Aimen,


On 17/08/2020 18:37, Aimen Asfour via PacketFence-users wrote:
> Hello,
> 
> I began testing packetfence recently using captive portal via 
> Ethernet-NoEAP and RADIUS authentication and I was wondering if it's 
> possible to unregister a user as soon as they are physically 
> disconnected from the network (shutdown switchport or unplug ethernet 
> cable)
> 
> Sincerely,
> 
> *Aimen,*

It possible using unreg_on_accounting stop but you need:
- to use 802.1X (not Ethernet-NoEAP)
- to have a switch that send accounting stop message

Also, you can take a look at the Network logoff page that allow a user to
disconnect himself.

To conclude, keep in mind that when a device is registered, PacketFence will
automatically deregistrer the device (from its current network
device) when unregistration date is reached.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse
inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP OPTION 43 filter for Cisco Lightweight AP

[Tomasz Karczewski via PacketFence-users]

Hi Fabrice,

 

Ill capture and send it to you.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Durand fabrice via PacketFence-users 
 
Sent: Wednesday, July 29, 2020 4:56 AM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice 
Subject: Re: [PacketFence-users] DHCP OPTION 43 filter for Cisco Lightweight AP

 

can you provide a pcap file of the dhcp traffic with this option inside ?

Le 20-07-28 à 05 h 38, Tomasz Karczewski via PacketFence-users a écrit :

HI,

 

Do you know how to create response on PF10 DHCP filters for Cisco AP similiar 
to  
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html#anc13
 ??

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] DHCP OPTION 43 filter for Cisco Lightweight AP

[Tomasz Karczewski via PacketFence-users]

HI,

 

Do you know how to create response on PF10 DHCP filters for Cisco AP
similiar to
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wl
an/97066-dhcp-option-43-00.html#anc13 ??

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: 10.1.0 Connection profile doesnt match.

[Tomasz Karczewski via PacketFence-users]

I noticed the similiar problem after last patch (today 24.06.2020).

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl  http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users
 
Sent: Monday, June 22, 2020 3:12 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] R: 10.1.0 Connection profile doesnt match.

Hello Giacinto,

We just fixed this issue [1]. Website will be updated ASAP. Meanwhile, you
can read updated instructions on your forge [2]


[1] https://github.com/inverse-inc/packetfence/issues/5621
[2] 
https://github.com/inverse-inc/packetfence/blob/devel/UPGRADE.asciidoc#upgra
ding-from-a-version-prior-to-10-1-0
-- 
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Multitenancy: audit log and node shows only in default tenant

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I'm testing multitenancy in PF 10.1.0. 

I have some user in tenant 'test' and proper auth source for authentication.

When i connecting to network using this user i see that audit log and node
is empty in this tenant.

I see audit log for this connection and node is appearing in default tenant
but with 'default' username.

All other vaules (access duration, role etc.) are correct after connection.

As i understand audit log and node should appear in 'test' tenant for user
in this tenant?

Do i need to configure something extra to make it working properly or PF is
not full tenant so far?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 10.1.0 Connection profile doesnt match.

[Tomasz Karczewski via PacketFence-users]

Exactly patches weren't mention in upgrade guide i just made DB update.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl  http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Nicolas Quiniou-Briand  
Sent: Monday, June 22, 2020 2:26 PM
To: Tomasz Karczewski ;
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] 10.1.0 Connection profile doesnt match.



On 22/06/2020 13:44, Tomasz Karczewski wrote:
> I forget to use update scripts in /usr/local/pf/addons/upgrade/to-10.1
> Patches applied and started to work.

That's not your fault, see [1]

[1] https://github.com/inverse-inc/packetfence/issues/5621
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse
inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 10.1.0 Connection profile doesnt match.

[Tomasz Karczewski via PacketFence-users]

I forget to use update scripts in /usr/local/pf/addons/upgrade/to-10.1
Patches applied and started to work.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl  http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users
 
Sent: Monday, June 22, 2020 1:39 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] 10.1.0 Connection profile doesnt match.

Hi,

On 22/06/2020 12:13, Tomasz Karczewski via PacketFence-users wrote:
> Hi,
> 
> After update to 10.1.0 version my connection profiles doesnt match.
> 
> Only Default is matching.

Not able to reproduce on my side on a clean setup with a minimal
configuration.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse
inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] 10.1.0 Connection profile doesnt match.

[Tomasz Karczewski via PacketFence-users]

Hi,

 

After update to 10.1.0 version my connection profiles doesnt match.

Only Default is matching.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PF 10.0.1 Multitenancy

[Tomasz Karczewski via PacketFence-users]

Hi,

 

Does multitenancy is fully supported in Admin GUI?

How to use it if yes?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfacct vs radiusd-acct services

[Tomasz Karczewski via PacketFence-users]

Radius-acct is replaced by pfacct.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Chad Jemison via PacketFence-users
 
Sent: Monday, June 8, 2020 2:14 PM
To: 'packetfence-users@lists.sourceforge.net'

Cc: Chad Jemison 
Subject: [PacketFence-users] pfacct vs radiusd-acct services

 

I'm on version Packetfence version 10.01.  I was noticing that I could not
start RADIUSD-ACCT service. In troubleshooting, if I disable PFACCT service
I could then start RADIUSD-ACCT service. I assume they are using the same
port 1813. What are the implications of this and is one to be used over the
other? 

 

In services it states that PFACCT is required for this configuration and
RADIUSD-ACCT is not required. But, the RADIUS-ACCT log is filled with the
following:

 

Failed binding to acct address 192.168.67.110 port 1813 bound to server
packetfence: Address already in use

 

Trying to understand the difference between the 2 services.

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] User creation with unlimited registration window

[Tomasz Karczewski via PacketFence-users]

I cannot save or create user with that date in gui.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Ludovic Zammit  
Sent: Wednesday, June 3, 2020 2:14 PM
To: Tomasz Karczewski 
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] User creation with unlimited registration 
window

 

Hello Tomaz,

 

Set the date to: 2038-01-01 00:00:00

 

 

[root@pf-testing pf]# mysql -p'password' pf -e "select * from password\G"

*** 1. row ***

  tenant_id: 1

pid: admin

   password: 
{bcrypt}$2a$08$IvmmKoL4hJpI.0xnS4dcLe/ix4nmC5x/iGnpmKETIq5K498892EDi

 valid_from: 2020-06-01 13:40:16

 expiration: 2038-01-01 00:00:00

access_duration: NULL

   access_level: ALL

   category: NULL

sponsor: 0

  unregdate: -00-00 00:00:00

 

Thanks,


Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca>  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <http://www.inverse.ca> 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

 









On Jun 3, 2020, at 3:28 AM, Tomasz Karczewski via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net> > wrote:

 

Hi,

 

Does it possible to create local user with unlimited registration window?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl <http://www.man.olsztyn.pl/>   
http://www.uwm.edu.pl <http://www.uwm.edu.pl/> 

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

 

___
PacketFence-users mailing list
 <mailto:PacketFence-users@lists.sourceforge.net> 
PacketFence-users@lists.sourceforge.net
 <https://lists.sourceforge.net/lists/listinfo/packetfence-users> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] User creation with unlimited registration window

[Tomasz Karczewski via PacketFence-users]

Hi,

 

Does it possible to create local user with unlimited registration window?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Fingerbank api connection fail.

[Tomasz Karczewski via PacketFence-users]

I got logs:

 

Error while communicating with the Fingerbank API to check if device 49033
is linked to device 13005. 500 Can't connect to api.fingerbank.org:443
(certificate verify failed)

It happens in 8.1.0 and 10.0.1 version.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence iptables-restore issues and windbind domain join not working after upgrade to 10

[Tomasz Karczewski via PacketFence-users]

There is missing kernel module dkms-ipt-netflow in packetfence-zen installation

Solution is to reinstall module.

yum reinstall dkms-ipt-netflow --enablerepo=packetfence

After reinstallation iptables started properly.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Robert McNutt via PacketFence-users 
 
Sent: Wednesday, April 22, 2020 2:47 PM
To: packetfence-users@lists.sourceforge.net
Cc: Robert McNutt 
Subject: Re: [PacketFence-users] Packetfence iptables-restore issues and 
windbind domain join not working after upgrade to 10

 

Nailed it... I guess v10 includes some netflow functionality because that line 
in the iptables.conf was the culprit, I installed netflow and all is good...


Robert McNutt

 

 

On Tue, Apr 21, 2020 at 1:52 AM Nicolas Quiniou-Briand via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net> > wrote:

Hello Robert,

On 20/04/2020 21:47, Robert McNutt via PacketFence-users wrote:
> Anyine else having issues?

It's certainly an issue with your kernel packages.

Are you sure you followed these instructions [1] before upgrading your 
PacketFence packages ?

[1] 
https://packetfence.org/doc/PacketFence_Upgrade_Guide.html#_kernel_development_package

-- 
Nicolas Quiniou-Briand
n...@inverse.ca    ::  +1.514.447.4918 *140  ::  
https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PF10 Inactive since bug

[Tomasz Karczewski via PacketFence-users]

HI,

 

I noticed that in Packetfence V10 in node info last seen dhcp value is taken
from end time of dhcp lease not from start time.

Fresh Packetfence ZEN installation.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence iptables-restore issues and windbind domain join not working after upgrade to 10

[Tomasz Karczewski via PacketFence-users]

I deployed fresh pf-zen version 10 installation and have problems with iptables 
too.

In /var/logs/messages i see Apr 22 17:52:33 PF10 perl: iptables-restore: line 
226 failed

Second thing is that radiusd-acct won’t start too.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Robert McNutt via PacketFence-users 
 
Sent: Wednesday, April 22, 2020 2:47 PM
To: packetfence-users@lists.sourceforge.net
Cc: Robert McNutt 
Subject: Re: [PacketFence-users] Packetfence iptables-restore issues and 
windbind domain join not working after upgrade to 10

 

Nailed it... I guess v10 includes some netflow functionality because that line 
in the iptables.conf was the culprit, I installed netflow and all is good...


Robert McNutt

 

 

On Tue, Apr 21, 2020 at 1:52 AM Nicolas Quiniou-Briand via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net> > wrote:

Hello Robert,

On 20/04/2020 21:47, Robert McNutt via PacketFence-users wrote:
> Anyine else having issues?

It's certainly an issue with your kernel packages.

Are you sure you followed these instructions [1] before upgrading your 
PacketFence packages ?

[1] 
https://packetfence.org/doc/PacketFence_Upgrade_Guide.html#_kernel_development_package

-- 
Nicolas Quiniou-Briand
n...@inverse.ca    ::  +1.514.447.4918 *140  ::  
https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Autoreg on violation not triggering

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I need to autoregister Cisco APs on Violation.

I made violation using dhcp_vendor attribute.

 

[306]

priority=1

trigger=(dhcp_vendor::16413_vendor::6720_vendor::6796_vendor:
:7109_vendor::9158_vendor::9462)

actions=autoreg,log,role

window=

desc=Cisco AP Registration

access_duration=1Y

delay_by=

vlan=ap

grace=

enabled=Y

target_category=ap

 

Dhcp working correctly and example AP data look like this.

 

Device Manufacturer 

Cisco Systems, Inc

Device Class 

Linux OS

Device Type 

Cisco WAP c2700

Fully Qualified Device Name 

Router, Access Point or Femtocell/Wireless Access Point/Cisco WAP/Cisco WAP
c2700

Score 

90

Mobile 

DHCP Fingerprint 

1,6,15,44,3,7,33,150,43

DHCP Vendor 

Cisco AP c2700

 

Fingerbank profiling is correct but violation is not triggering.

Could you help me what could be wrong?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Samsung Galaxy S10 PF 9.3 Captive Portal Detection

[Tomasz Karczewski via PacketFence-users]

I made workaround this way.

Configuration > Network Configuration > Fencing > Passthrough (check 
this box) and add connectivitycheck.gstatic.com


W dniu 2020-03-20 19:47, Fabrice Durand via PacketFence-users 
napisał(a):

Hello Ian,

it's a know issue with Samsung devices, in fact if the device won't
pop the portal if the device is on the same layer 2 network.

It has been fixed in
https://github.com/inverse-inc/packetfence/pull/5086 [5] and will be
part in the incoming packetfence v10.

Btw if the registration network is a layer 3 network then it should
work.

I don't know why Samsung did that ...

Regards

Fabrice

Le 20-03-20 à 13 h 58, Ian MacDonald via PacketFence-users a écrit :


Hi,

We noticed Samsung Devices on Android 10 are no longer being
redirected to our Packetfence portal on the registration network.

Up until now we have our portal configured with,
a) Secure redirect ON
b) WISPr redirection capabilities ON

We do not use the detection mechanism bypass.

When the devices connect to the registration VLAN, they simply note
"Connected without Internet" and never detect the portal and
redirect to the registration page.

Is anyone successfully capturing new Galaxy devices / Android 10,
and do they have any insights as to what mechanism we can use, or
DNS filters we can apply?

We are hoping to shortcut the next step of looking at the traffic
and trying to determine what/how to intercept.

We also seem to have good compatibility with many other existing
devices and platforms, so we are hesitant to start bypassing the
Captive Portal detection, which would likely stop a lot of other
platforms from working effectively.

We are using PF9.3
(9.3.0+20200113144930+108928498+0009+v9.3.0+stretch1) with hostapd +
CoA/Disconnect, Out of Band.

cheers,
Ian

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users [1]


--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca [2]
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu [3]) and
PacketFence (http://packetfence.org [4])


Links:
--
[1] https://lists.sourceforge.net/lists/listinfo/packetfence-users
[2] http://www.inverse.ca
[3] http://www.sogo.nu
[4] http://packetfence.org
[5] https://github.com/inverse-inc/packetfence/pull/5086

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fwd: Re: [External] Re: Assign the default VLAN based on a mac address

[Tomasz Karczewski via PacketFence-users]

You need to set this up in vlan filters.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Gregor Fajdiga via PacketFence-users 
 
Sent: Wednesday, February 26, 2020 12:40 PM
To: packetfence-users@lists.sourceforge.net
Cc: Gregor Fajdiga 
Subject: [PacketFence-users] Fwd: Re: [External] Re: Assign the default VLAN 
based on a mac address

 

 



 Forwarded Message  


Subject: 

Re: [PacketFence-users] [External] Re: Assign the default VLAN based on a mac 
address


Date: 

Wed, 26 Feb 2020 10:39:53 +0100


From: 

Gregor Fajdiga   


Organization: 

Delo d.d.


To: 

Ludovic Zammit   



Hello Ludovic,

No. Computer account authenticates correctly. The problem is that packetfence 
doesn't
assign the role that I have set in authentication rules in my authentication 
source.



Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] handling radius autz request: from switch_ip => 
(172.16.133.169), connection_type => Ethernet-EAP,switch_mac => 
(f8:b7:e2:00:00:01), mac => [70:5a:0f:d3:20:84], port => 10634, username => 
"host/it4.ad" (pf::radius::authorize)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] is doing machine auth with account 'host/it4.ad'. 
(pf::radius::authorize)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Instantiate profile 8021x 
(pf::Connection::ProfileFactory::_from_profile)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Found authentication source(s) : DC1_DC2' for realm 
'ad' (pf::config::util::filter_authentication_sources)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Using sources DC1_DC2 for matching 
(pf::authentication::match2)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] No category computed for autoreg 
(pf::role::getNodeInfoForAutoReg)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] Switch type 'pf::Switch::Cisco::Catalyst_2960G' does 
not support MABFloatingDevices (pf::SwitchSupports::__ANON__)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Found authentication source(s) : 'DC1_DC2' for realm 
'ad' (pf::config::util::filter_authentication_sources)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Role has already been computed and we don't want to 
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] Use of uninitialized value $role in concatenation (.) 
or string at /usr/local/pf/lib/pf/role.pm line 483.
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Username was NOT defined or unable to match a role - 
returning node based role '' (pf::role::getRegisteredRole)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] PID: "host/it4.ad", Status: reg Returned VLAN: 
(undefined), Role: (undefined) (pf::role::fetchRoleForNode)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] Use of uninitialized value $vlanName in hash element at 
/usr/local/pf/lib/pf/Switch.pm line 608.
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] Use of uninitialized value $vlanName in concatenation 
(.) or string at /usr/local/pf/lib/pf/Switch.pm line 611.
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] No parameter Vlan found in conf/switches.conf for the 
switch 172.16.133.169 (pf::Switch::getVlanByName)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] Use of uninitialized value $roleName in hash element at 
/usr/local/pf/lib/pf/Switch.pm line 591.
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) WARN: 
[mac:70:5a:0f:d3:20:84] Use of uninitialized value $roleName in concatenation 
(.) or string at /usr/local/pf/lib/pf/Switch.pm line 594.
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] security_event 133 force-closed for 
70:5a:0f:d3:20:84 (pf::security_event::security_event_force_close)
Feb 26 10:06:27 pf1 packetfence_httpd.aaa: httpd.aaa(24517) INFO: 
[mac:70:5a:0f:d3:20:84] Instantiate profile 8021x 
(pf::Connection::ProfileFactory::_from_profile)
Feb 26 10:06:28 pf1 pfqueue: pfqueue(24783) WARN: [mac:70:5a:0f:d3:20:84] 
Unable to pull accounting history for device 70:5a:0f:d3:20:84. 

Re: [PacketFence-users] MAB Autoreg

[Tomasz Karczewski via PacketFence-users]

Hi Ludovic,

 

There is no other way? Because i wouldn’t have limited number of devices that 
will connect.

I have some small network that uses WPA2 PSK with MAB and devices will change 
dynamically.

After connect PF autoregister them with specified role and i would like to set 
not „default” username for them.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Ludovic Zammit  
Sent: Tuesday, February 25, 2020 2:42 PM
To: Tomasz Karczewski 
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] MAB Autoreg

 

Hello Tomaz,

 

The easiest option would be to pre-register your Mac addresses by importing all 
your Mac addresses in PacketFence. You would need to create the users first and 
then import them with a CSV file mapping the correct owner.

 

Thanks,


Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca>  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <http://www.inverse.ca> 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

 









On Feb 25, 2020, at 4:44 AM, Tomasz Karczewski via PacketFence-users 
 wrote:

 

Hi,

 

How to set different username(owner) than „default” when i do MAB autoreg.

Does it possible?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl <http://www.man.olsztyn.pl/>   
http://www.uwm.edu.pl <http://www.uwm.edu.pl/> 

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

___
PacketFence-users mailing list
 <mailto:PacketFence-users@lists.sourceforge.net> 
PacketFence-users@lists.sourceforge.net
 <https://lists.sourceforge.net/lists/listinfo/packetfence-users> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] MAB Autoreg

[Tomasz Karczewski via PacketFence-users]

Hi,

 

How to set different username(owner) than "default" when i do MAB autoreg.

Does it possible?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PF 9.0.1 Admin GUI Blank

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I made fresh test installation of PF 9.0.1.

Installation went without problems then i started to configure PF form my test 
environment in new GUI.

After user creation i realised that i forgot to create role.

So i created role and get back to user i created before.

First thing is i didn’t see role created from drop down list, so i thing it’s a 
bug.

The second thing is when i deleted user and tried to create the same user once 
again GUI showed me that this users exist (but is deleted)?!

I reloaded all page and then admin GUI became blank.

I done everything in new gui.

 

Tomasz Karczewski

Administrator Sieci

 



 

  tkarczew...@man.olsztyn.pl

  http://www.man.olsztyn.pl
 http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence to Act as a DHCP Server for outofband networks.

[Tomasz Karczewski via PacketFence-users]

Yes you can use PF as dhcp server, you have to set up on registration 
interface networks that you need to provide dhcp service.

I spoke with Fabrice and he told me that in v9 dhcp server will be available 
on management interface too.



From: Etienne Vella via PacketFence-users 

Sent: Wednesday, March 27, 2019 10:05 AM
To: packetfence-users@lists.sourceforge.net
Cc: Etienne Vella 
Subject: [PacketFence-users] PacketFence to Act as a DHCP Server for outofband 
networks.



Good Morning,



We currently have packetfence deployed in our network for 802.1x user 
authentication with SSO towards Fortigate firewall and the access devices are 
a mix of Cisco Cat 4500's and 2960's. We are using the ip helper address 
feature on the 4500 to send the dhcp packets toward the packetfence to be able 
to send SSO, the CAT 4500's are also acting a DHCP.



Currently we are migrating onto CAT 9500 and CAT 9300 which are using IOS XE 
and we've ran into a slight issue.  Basically due to the fact that the CAT 
9500 is being used as a DHCP server aswell the ip helper address command is 
only sending the DHCP request from the client and not the Offer from the 
CAT9500. As a temporary work around we configured the ip helper address 
command on the CAT9300 which are acting only as a distribution layer and they 
are sending both the request and offer towards packet fence.



My question is,  it possible to have packet fence act as a DHCP server for all 
subnets within the network. The idea is to have the DHCP server centralized 
and not having DHCP servers running on each satellite site. So the ip helper 
address would point towards the packet fence servers and they would also issue 
the ip address accordingly.



Thanks,

Etienne



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] No Authentication Source Found for this Username

[Tomasz Karczewski via PacketFence-users]

Show your authentication source.



From: Isma'il Yusha'u via PacketFence-users 

Sent: Thursday, February 7, 2019 12:21 PM
To: packetfence-users@lists.sourceforge.net
Cc: Isma'il Yusha'u 
Subject: [PacketFence-users] No Authentication Source Found for this Username



Hi Guys,



I am Ismail and am trying to setup packetfence Zen 8.x. I have been able to 
follow the manual to the best of my ability but I have some issues. I have 
integrated a windows 2003 server Active Directory for simplicity and added a 
couple of users. the domain joined after some head scratching. I also added a 
realm based on the domain I joined.



I even added a switch which is Huawei s5700 series switch. then I added a 
profile to test, but when I tag the port I was to use I registration vlan, I 
get the right IP from the registration to DHCP and the captive portal is 
presented. Just that I get an error that says "no authentication source found 
for this user". I have attached screenshots of what I am seeing.



Any help would be appreciated.







smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration

[Tomasz Karczewski via PacketFence-users]

Show your source configuration.

 

From: Will Halsall via PacketFence-users 
 
Sent: Wednesday, January 16, 2019 12:39 PM
To: packetfence-users@lists.sourceforge.net
Cc: Will Halsall 
Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the 
Role or the Access Duration

 

Hi Fabrice

 

I added the ad source to the default connection profile but no joy

 

The user with a userPrincipalName of w.hals...@farn-ct.ac.uk 
  and sAMAacountname of xwill dpose not set a 
Role or Access Duration

 

A user with a userPrincipalName of 0...@farn-ct.ac.uk 
  and a sAMAcountName of 0010 will set a 
Role and Access Duration

 

 

Thanks

 

 

 

Will Halsall

 

From: Durand fabrice via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net> > 
Sent: 16 January 2019 02:21
To: packetfence-users@lists.sourceforge.net 
 
Cc: Durand fabrice mailto:fdur...@inverse.ca> >
Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the 
Role or the Access Duration

 

Hello Will,

can you provide the content of packetfece.log.

It looks that the user xwill authenticate correctly but there is nothing 
returned by packetfence. (it use the default connection profile).

Do you have an authentication source defined in the default connection profile 
(like the AD source) ?

Regards

Fabrice

 

Le 19-01-15 à 10 h 50, Will Halsall via PacketFence-users a écrit :

Hi Folks,
 
Have upgraded to packetfence 8.3 to use the userPrincipalNmae for  802.1x 
authentication and it authenticates fine but I cannot make it set the Role or 
the Access Duration
 
I have defined the role in the Internal Sources and the Exclusive Sources as a 
catchall rule
 
 
 
This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.
 
 
 
 
In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.
 





___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
 
https://lists.sourceforge.net/lists/listinfo/packetfence-users



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Choosing Switches for Packetfence

[Tomasz Karczewski via PacketFence-users]

All of them should be fine.

-Original Message-
From: Nishant Sharma via PacketFence-users 

Sent: Thursday, December 6, 2018 9:27 AM
To: packetfence-users@lists.sourceforge.net
Cc: Nishant Sharma 
Subject: [PacketFence-users] Choosing Switches for Packetfence

Hi,

I am assigned to upgrade LAN infrastructure at an office. Brain of the network 
is going to be Packetfence.

I want to make sure that investment is made in the right hardware well 
supported with Packetfence. The models proposed by switch vendors are not 
listed on https://packetfence.org/about.html#/material .

It would be great to have inputs on following models w.r.t. Packetfence
support:

* Cisco Catalyst 9500
* Cisco Catalyst 9300
* Juniper QFX5100
* Fortinet Switches (No specific models provided)
* HP Aruba (HP doesn't sell ProCurve switches anymore)

Any other insights into making this decision would be a great help.

Thanks in advance.

Regards,
Nishant


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Please Help Regarding Aruba IAP-305

[Tomasz Karczewski via PacketFence-users]

Check 
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_aruba



From: Manzoor Ahmad via PacketFence-users 

Sent: Wednesday, December 5, 2018 10:37 AM
To: packetfence-users@lists.sourceforge.net
Cc: Manzoor Ahmad 
Subject: [PacketFence-users] Please Help Regarding Aruba IAP-305



Dear Packetfence Support,



We recently purchased Aruba IAP-305 wireless access points (without 
controller). We tried to configure these APs with Packetfence but we could not 
configure. Could you please help us in this regard?

Thanks a lot in advance.



Regards,

Ahmad



  _


Disclaimer: This email and any attachments may contain confidential material 
and is solely for the use of the intended recipient(s). If you have received 
this email in error, please notify the sender immediately and delete this 
email. If you are not the intended recipient(s), you must not use, retain or 
disclose any information contained in this email. Any views or opinions are 
solely those of the sender and do not necessarily represent those of National 
Centre for Physics (NCP). NCP does accept responsibility for any errors or 
omissions that are present in the message, or any attachment, that have arisen 
as a result of email transmission.



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Mac auth

[Tomasz Karczewski via PacketFence-users]

Hi,

 

You have to create vlan filters for that or manually assign roles that put 
devices in proper vlan.

 

From: Wifi Guy via PacketFence-users  
Sent: Thursday, November 8, 2018 12:01 PM
To: packetfence-users@lists.sourceforge.net
Cc: Wifi Guy 
Subject: [PacketFence-users] Mac auth

 

Hi

 

Can someone tell me where I need to fill in MAC addresses of Clients into PF 
when I only want to do basic MAC authentication without AD integration.

So what we want to setup is a local database of MAC addresses which will be 
authenticated via Radius with our switches and ideally get dynamically mapped 
to the configured VLAN. I can´t find that in the documentation.

 

Thanks



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Empty netdata statistics

[Tomasz Karczewski via PacketFence-users]

I see something like this.

 

select ssid, count(distinct mac) from locationlog where ssid != '' and end_time 
is null group by ssid;

+---+-+

| ssid   | count(distinct mac) |

+---+-+

| a|   47 |

| exx|1433 |

| gxx|4397 |

| o|   3 |

+---+-+

 

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Tomasz Karczewski via PacketFence-users 
 
Sent: Friday, September 21, 2018 9:36 AM
To: packetfence-users@lists.sourceforge.net
Cc: Tomasz Karczewski 
Subject: [PacketFence-users] Empty netdata statistics

 

Hi,

 

I have some netdata statistics empty. I attached screenshoot.

How to fix it?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Empty netdata statistics

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I have some netdata statistics empty. I attached screenshoot.

How to fix it?

 

Tomasz Karczewski

Administrator Sieci

 



 

  tkarczew...@man.olsztyn.pl

  http://www.man.olsztyn.pl
 http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] fingerbank-coll High load

[Tomasz Karczewski via PacketFence-users]

Hi,

 

How did you found this entry in details?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Truax, Peter via PacketFence-users
 
Sent: Wednesday, September 5, 2018 6:33 PM
To: packetfence-users@lists.sourceforge.net
Cc: Truax, Peter 
Subject: Re: [PacketFence-users] fingerbank-coll High load

 

Gregory,

 

The fingerbank.conf file is in /usr/local/fingerbank/

 

Not sure about your performance problem. 

 

I will tell you about a similar performance problem we had that we fixed. We
had done several upgrades (version 7.4 - 8.1) during which an entry in the
database got corrupted. This caused the whole system to slow down while the
server tried to process the corrupted data. We were able to narrow down
which entry it was by searching the nodes in pf. Some searches would be fast
(1-10 seconds). Others would take a minute or longer. We eventually figured
out which entry was our problem entry. We tried the command, ./pfcmd node
delete xx:xx:xx:xx:xx:xx, but it did not work. It gave an error of "location
log still active" or something similar. 

 

To fix it, we used the following commands:

 

 

mysql -u root -p

 



 

use pf;

 

delete from locationlog where mac = 'xx:xx:xx:xx:xx:xx'; 

 

exit;

 

 

We were then able to run 

 

 

usr/local/pf/bin/pfcmd node delete xx:xx:xx:xx:xx:xx successfully.

 

 

After deleting that entry, the server suddenly became much faster.

 

I hope this information is helpful.

 

Peter Truax

Network Administrator

St. Martin's University

Lacey, WA

 

 

From: Thomas, Gregory A via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net> > 
Sent: Wednesday, September 5, 2018 7:21 AM
To: packetfence-users@lists.sourceforge.net
 
Cc: Thomas, Gregory A mailto:thom...@uwp.edu> >
Subject: [PacketFence-users] fingerbank-coll High load

 

I just started the semester, so there are a ton of new devices on the
network and I expect there to be more load then when I first implemented the
upgrade. Yesterday when there were reports of some lag, I took a look at the
load and it was hovering around 15. The server has 4 virtual processors with
2 cores and 12 GB of RAM and 100GB of storage. It is the only VM on the box.
It is version 8.1 and pf_maint and yum update were run yesterday and the
system was rebooted right after.

 

I know the next questions: yes I have the fingerbank API key installed.
However, when looking there is no fingerbank.conf in the conf folder. When I
search for any part of the key with 'grep -r', it is not found. 

 

Any clues on where to look next or what I can do to reduce the load?

 

--

Gregory A. Thomas

Student Life Support Specialist

University of Wisconsin-Parkside

thom...@uwp.edu

262.595.2432

 



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Deregister device

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I have two open non secure ssid that using packetfence captive portal to
login.

How to deregister device registered before in one ssid that try to connect
to second ssid?

I don't want to use Automatically deregister devices on accounting stop in
portal profile.

My Packetfence version is 8.1

 

Tnx for advice.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] auto-reg domain computers

[Tomasz Karczewski via PacketFence-users]

You need to add in authentication source (you've set before) rules that
match users you want to match and set actions rules (you want to assign) and
access duration.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Cox, Eric via PacketFence-users
 
Sent: Monday, August 27, 2018 1:28 PM
To: packetfence-users@lists.sourceforge.net
Cc: Cox, Eric 
Subject: [PacketFence-users] auto-reg domain computers

 

I can't seem to get the configuration right for domain computers.  PF 8.1  I
have an authentication source defined.  With just it configured it accepts
the domain computers connection and lands in registration.   If I add a
connection profile to reg the device it does register but does not assign a
role.  I get max nodes per pid met or exceeded and REJECT.  What am I
missing?

 

Eric J. Cox

Sr. Network Engineer



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Capwap Support

[Tomasz Karczewski via PacketFence-users]

Do you mean Cisco WLC?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Nitin K via PacketFence-users  
Sent: Friday, August 17, 2018 5:48 AM
To: packetfence-users@lists.sourceforge.net
Cc: Nitin K 
Subject: [PacketFence-users] Capwap Support

 

Hi all,

I am looking for a controller with capwap support.

Does packetfence have this functionality in built or can this be developed?

Thx
Nitin K



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] packetfence 8.1 dhcp leases

[Tomasz Karczewski via PacketFence-users]

Hi everyone,

 

I've got one question how to manage DHCP leases if i want to delete leases
for specific hosts or for all hosts for routed network?

 

Tnx for answers.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Redundant authentication sources

[Tomasz Karczewski via PacketFence-users]

In case using radius as authentication sources is the proper way so it's
similiar in AD as source though.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl   http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Cristian Mammoli via PacketFence-users
 
Sent: Tuesday, May 8, 2018 10:54 AM
To: 'packetfence-users@lists.sourceforge.net'

Cc: Cristian Mammoli 
Subject: [PacketFence-users] Redundant authentication sources

Hi, what's the correct way to have redundant authentication sources? 
There is no way to specify multiple hosts.

I ended up declaring them twice with different servers and using both in
connection profiles but I don't know if this is the correct way to go:

apra-machine-auth-dc01      Apra Machine authentication DC01     AD
apra-machine-auth-dc02      Apra Machine authentication DC02     AD
apra-user-auth-dc01      Apra Machine authentication DC01     AD
apra-user-auth-dc02      Apra Machine authentication DC02     AD

Thanks

C.


--
Check out the vibrant tech community on one of the world's most engaging
tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Load testing PacketFence

[Tomasz Karczewski via PacketFence-users]

It would be a great thing to make some stress tests in our environment before 
put PF in production.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl   http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Truax, Peter via PacketFence-users 
 
Sent: Tuesday, March 20, 2018 5:12 PM
To: packetfence-users@lists.sourceforge.net
Cc: Truax, Peter 
Subject: Re: [PacketFence-users] Load testing PacketFence

Ludovic,

I think Max was asking to be able to use some tool to load a PacketFence server 
so that he could test his own setup and make sure it will work. I would be 
interested in this as well. The internal tools you mentioned, are they 
something you guys have written or are they something standard we could 
download?

Thanks,

Peter Truax
Network Admin
St. Martin's University

-Original Message-
From: Ludovic Marcotte via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, March 20, 2018 8:36 AM
To: packetfence-users@lists.sourceforge.net
Cc: Ludovic Marcotte 
Subject: Re: [PacketFence-users] Load testing PacketFence

Hello Max,

On 2018-03-20 10:52 AM, Max McGrath via PacketFence-users wrote:
> I'm curious if there are any known ways to do load testing on PacketFence?
>
> We typically upgrade PacketFence during a break when no classes are in 
> session, and the first actual load against PF is when students return.
> If there are issues with our PF instance it goes unnoticed until 
> students return and, at that point, connections are problematic until 
> the problem gets fixed.
>
> Is there a way to throw a large load against PF -- maybe with 
> tcpreplay -- to simulate thousands of connections?

We have internal tools to do that together with a load-testing infrastructure. 
We never release a version of PacketFence that has a slower component than the 
previous version. We've been doing that since
v6.1 or something.

Thanks,

--
Ludovic Marcotte
lmarco...@inverse.ca  ::  +1.514.755.3630  ::  http://inverse.ca Inverse inc. 
:: Leaders behind SOGo (http://sogo.nu), PacketFence (http://packetfence.org) 
and Fingerbank (http://fingerbank.org)


--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! http://sdm.link/slashdot 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! http://sdm.link/slashdot 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Detecting WIFI Routers using violations

[Tomasz Karczewski via PacketFence-users]

>Does you device that you want to catch does display the proper device type and 
>device class ?

 

Yes, it does „Routers and APs”.

 

>Which PacketFence version are you running ?

 

Now it is 6.5.1 but i will migrate to 7.4.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Ludovic Zammit <lzam...@inverse.ca> 
Sent: Friday, February 16, 2018 3:20 PM
To: packetfence-users@lists.sourceforge.net
Cc: Tomasz Karczewski <tkarczew...@man.olsztyn.pl>
Subject: Re: [PacketFence-users] Detecting WIFI Routers using violations

 

Hello Tomasz,

 

The violation will be trigger on the DHCP traffic of the device when they are 
in the registration VLAN.

 

Does you device that you want to catch does display the proper device type and 
device class ?

 

Which PacketFence version are you running ?

 

Thanks,


Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca>  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <http://www.inverse.ca> 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

 









On Feb 8, 2018, at 6:07 AM, Tomasz Karczewski via PacketFence-users 
<packetfence-users@lists.sourceforge.net 
<mailto:packetfence-users@lists.sourceforge.net> > wrote:

 

Hi,

 

I would like to create a violation that will automatically detect wireless 
routers in the cable network. 

I would like to apply this violation for "Smartphones / PDAs / Tablets" and 
"Routers and APs" connected to a particular switch group. 

I tried to run this but the violation does not start automatically. Did anyone 
of you run something like this and could help me?

 

Below is example that doesn’t work:

 

[307]

priority=1

trigger=(device::11::4),(switch_group::SWITCHES)

actions=unreg,email_admin,reevaluate_access,log

desc=Block WIFI Routers

enabled=Y

template=banned_devices

auto_enable=N

 

Tnx

 

Tomasz Karczewski

Administrator Sieci

 



 

 <mailto:tkarczew...@man.olsztyn.pl> tkarczew...@man.olsztyn.pl

 <http://www.man.olsztyn.pl/> http://www.man.olsztyn.pl
<http://www.uwm.edu.pl/> http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites,  <http://slashdot.org/> Slashdot.org!  
<http://sdm.link/slashdot___> 
http://sdm.link/slashdot___
PacketFence-users mailing list
 <mailto:PacketFence-users@lists.sourceforge.net> 
PacketFence-users@lists.sourceforge.net
 <https://lists.sourceforge.net/lists/listinfo/packetfence-users> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Detecting WIFI Routers using violations

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I would like to create a violation that will automatically detect wireless
routers in the cable network. 

I would like to apply this violation for "Smartphones / PDAs / Tablets" and
"Routers and APs" connected to a particular switch group. 

I tried to run this but the violation does not start automatically. Did
anyone of you run something like this and could help me?

 

Below is example that doesn't work:

 

[307]

priority=1

trigger=(device::11::4),(switch_group::SWITCHES)

actions=unreg,email_admin,reevaluate_access,log

desc=Block WIFI Routers

enabled=Y

template=banned_devices

auto_enable=N

 

Tnx

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cannot set management interface

[Tomasz Karczewski via PacketFence-users]

What do you mean exactly?
Give more details.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl   http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Woody's Delve via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Wednesday, February 7, 2018 2:32 PM
To: packetfence-users@lists.sourceforge.net
Cc: Woody's Delve 
Subject: [PacketFence-users] Cannot set management interface


Hi, 

I am not able to configure management interface to vlan enforcement. 
Application is hosted on vmware esxi 5 tried and checked almost every thing but 
didn’t get any solution do we have any option to skipp that
--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! http://sdm.link/slashdot 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cannot set Admin Password - ZEN 7.4

[Tomasz Karczewski via PacketFence-users]

Maybe you gave not enough resources to your PF VM.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Aaron.Pack--- via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Wednesday, February 7, 2018 12:28 PM
To: packetfence-users@lists.sourceforge.net
Cc: aaron.p...@nsoit.com
Subject: [PacketFence-users] Cannot set Admin Password - ZEN 7.4

 

Hello All,

 

I just imported a fresh download of the ZEN 7.4 appliance, and I'm
experiencing issue with configurator.

 

During configurator setup I'm stuck at Step 5.  "Step 5 Administration
Access to the administration interface"

 

It will not accept my new admin password.

 

When I type in my password twice the "MODIFY THIS PASSWORD" button turns
blue, but when I click it nothing happens.

 

If I push the "CONTINUE ->" button, then I get the error "Error! Please
verify your configuration." in red on top of page.

 

I know the configurator can take my input, because I made it to Step 5.

 

 

Things I've tried so far:

- Firefox and Chrome.

- Using Enter key instead of clicking.

- Leaving both boxes empty.

- Using "admin" for both textboxes.

- Skipping to Step 7 "Confirmation".  It says I haven't completed all steps.

- Rebooting ZEN.

 

 

Please help me if you know how to resolve this issue.

 

Thank you,

Aaron Pack



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cisco Catalyst 9300 and 9400 support

[Tomasz Karczewski via PacketFence-users]

Cisco IOS XE cli should be similiar to cisco ios. As i know the difference
between ios and ios xe is that xe is modular and process fails don't cause
harm to other processes.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Jeremy Plumley via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Friday, December 15, 2017 2:42 PM
To: packetfence-users@lists.sourceforge.net
Cc: Jeremy Plumley 
Subject: Re: [PacketFence-users] Cisco Catalyst 9300 and 9400 support

 

Best I can tell from Cisco website they run Cisco IOS XE. Think this is no
different than the 4500 series. The reseller just made it sound like it was
different from what I already use and advised I may need some services on
how to configure. I know they are really trying to sell the new Cisco DNA
platform and Cisco ISE. Both Cisco and Aruba really pushing us to get the
ISE or Clearpass NAC.

 

Jeremy Plumley

ITS Network Administrator

Ext 50024

 

From: puz...@man.olsztyn.pl 
[mailto:puz...@man.olsztyn.pl] On Behalf Of Tomasz Karczewski
Sent: Friday, December 15, 2017 6:26 AM
To: packetfence-users@lists.sourceforge.net
 
Cc: Jeremy Plumley  >
Subject: RE: [PacketFence-users] Cisco Catalyst 9300 and 9400 support

 

Does it have different cisco ios?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl  

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Jeremy Plumley via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, December 14, 2017 10:35 PM
To: packetfence-users@lists.sourceforge.net
 
Cc: Jeremy Plumley  >
Subject: [PacketFence-users] Cisco Catalyst 9300 and 9400 support

 

Just reaching out to see if anyone has implemented Packetfence on a Cisco
Catalyst 9300 or 9400 model switch? This seems to be Cisco's new line that
will probably phase out 4500 and 6500 model switches.

 

Jeremy Plumley

ITS Network Administrator

Ext 50024

E-Mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and shall be disclosed to third parties when
required by the statutes (G.S. 132-1.) 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cisco Catalyst 9300 and 9400 support

[Tomasz Karczewski via PacketFence-users]

Does it have different cisco ios?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Jeremy Plumley via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, December 14, 2017 10:35 PM
To: packetfence-users@lists.sourceforge.net
Cc: Jeremy Plumley 
Subject: [PacketFence-users] Cisco Catalyst 9300 and 9400 support

 

Just reaching out to see if anyone has implemented Packetfence on a Cisco
Catalyst 9300 or 9400 model switch? This seems to be Cisco's new line that
will probably phase out 4500 and 6500 model switches.

 

Jeremy Plumley

ITS Network Administrator

Ext 50024

E-Mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and shall be disclosed to third parties when
required by the statutes (G.S. 132-1.) 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] ODP: Re: Aruba Switch Network Configuration

[Tomasz Karczewski via PacketFence-users]

IT should be similiar to H3C comware. 

 Użytkownik Fabrice Durand via PacketFence-users napisał 

>Hello Jeremy,
>
>does the Aruba Switch run Arubas OS or is it something like HP Os ?
>
>Regards
>
>Fabrice
>
>
>
>Le 2017-12-06 à 09:07, Jeremy Plumley via PacketFence-users a écrit :
>>
>> I’m looking into possibly replacing some of our access layer switch
>> needs with Aruba Networks switches. I notice in 7.2.0 there is an
>> option for Aruba Switches but I see no documentation for the commands
>> to run on the Network Configuration documentation. Has anyone
>> configured an Aruba Switch using Packetfence and willing to share the
>> configuration they used? Thanks.
>>
>>  
>>
>> *Jeremy Plumley,*
>>
>> ITS Network Administrator
>>
>> Guilford Technical Community College
>>
>> Applied Technologies, Rm #249
>>
>> Jamestown Campus, 601 E. Main Street, Jamestown, NC 27282
>>
>> E-mail: _jmplum...@gtcc.edu _
>>
>> Direct: 336.334.4822 ext 50024
>>
>> Mailing Address: PO Box 309, Jamestown, NC 27282
>>
>> *www.gtcc.edu* 
>>
>> Current_Color_GTCC%20Logo%20smaller
>>
>> */Supporting success through innovative education, training, and
>> partnerships/*
>>
>>  
>>
>> E-Mail correspondence to and from this address may be subject to the
>> North Carolina Public Records Law and shall be disclosed to third
>> parties when required by the statutes (G.S. 132-1.)
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>-- 
>Fabrice Durand
>fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>(http://packetfence.org) 
>
>
>--
>Check out the vibrant tech community on one of the world's most
>engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>___
>PacketFence-users mailing list
>PacketFence-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Wireless WPA2-PSK Devices

[Tomasz Karczewski via PacketFence-users]

Maybe try to use mac-auth + captive portal authentication?

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl   http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: Paul Coates via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Saturday, November 4, 2017 5:22 AM
To: packetfence-users@lists.sourceforge.net
Cc: Paul Coates 
Subject: [PacketFence-users] Wireless WPA2-PSK Devices

We have been running a wired PacketFence service for our students for a
while now. This year students are turning up with more Google Home, Amazon
Echo, Sonos speakers, etc. devices only capable of WPA/WPA2-PSK. 
These devices can not connect to our campus WPA2-EAP wireless service so I'm
returning to packetfence as a possible solution.

I've been able to get an open wireless network with mac-auth working with a
test laptop but I'm struggling to get secure wireless working without it
asking for a login and password. I assume the secure method is also supposed
to have the client send it's mac address for authentication?

We are using Huawei ACU2 controllers, the same config as the AC6605 in the
Network Devices Configuration Guide, but those instructions are for
v2r5 software or earlier, the configuration file format completely changed
in v2r6 so I'm having a few issues.

My question is, the devices I mentioned that can only do WPA/WPA2-PSK,
should these devices work over the secure wireless solution when I get it
working, or can we only use the open mac-auth solution?

Thanks,

Paul

--
Paul Coates, Newcastle University, Network Team


--
Check out the vibrant tech community on one of the world's most engaging
tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] prevent certain ldap usernames from registering devices

[Tomasz Karczewski via PacketFence-users]

Hi,

I want to allow registering only devices with selected usernames on captive
portal then reject all others.
I was trying to do it at source but i REJECT at the end of rules doesn't
work.
I see you've done working solution. Could you show me example of your rules?

Thanks for your response.

Tomasz Karczewski
Administrator Sieci



tkarczew...@man.olsztyn.pl
http://www.man.olsztyn.pl   http://www.uwm.edu.pl
tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie

-Original Message-
From: lists via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Tuesday, September 12, 2017 11:43 AM
To: packetfence-users@lists.sourceforge.net
Cc: lists 
Subject: [PacketFence-users] prevent certain ldap usernames from registering
devices

Hi,

Is there a way to 'blacklist' specific ldap usernames from registering
devices in the packetfence portal?

Running pf 7 with inline guest portal, with an AD ldap-based usersource.

I tried creating a rule under our ldap authentication source:
- condition 'username'
- role REJECT
- access duration (mandatory!) of 0h

While this makes the registration basically fail, but in a way very unclear
to the end-user. We hope pf has a better way of informing the user that this
specific account is not allowed to register devices..?

Best regards,
MJ


--
Check out the vibrant tech community on one of the world's most engaging
tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal allow only selected usernames

[Tomasz Karczewski via PacketFence-users]

Thank you Fabrice.

One more question. Where can i find values or examples of captive portal 
advanced filters?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Friday, October 6, 2017 11:52 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames

 

It's in the source where you have to define the rules.

Also you can use a regexp in the rule to match what you need.

Last thing , keep in mind that there is an order in the rule, so the first 
match win and the last one can match by default.

 

Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit :

Thank you for response.

Where exactly do i have to make these rules?

Sources? Portal Profiles? Vlan filters?

One more question. Does there a way to add to advanced rule to match i.e. 
company field defined in users field?

If this field not match don’t allow?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, October 5, 2017 8:12 PM
To: packetfence-users@lists.sourceforge.net 
<mailto:packetfence-users@lists.sourceforge.net> 
Cc: Fabrice Durand  <mailto:fdur...@inverse.ca> <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames

 

Hello Tomasz,

create a rule for each users and at the end add a catch_all with the reject 
role.

Regards

Fabrice

 

 

Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit :

Hi,
 
I'm trying to allow only selected users to wifi with specific ssid and 
connection-type.
For example i have ssid "specificusers" connection type wireless-noeap.
I want to allow only selected usernames to allow and register device with 
specific role i.e. "specificusers"
us...@domain.com <mailto:us...@domain.com>  us...@domain.com 
<mailto:us...@domain.com>  us...@domain.com <mailto:us...@domain.com>  and not 
allow any other 
usernames.
Did anyone do this?
 
Tnx for answers
Tomasz Karczewski







--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot







___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users






-- 
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) ::  
www.inverse.ca <http://www.inverse.ca> 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 






--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal allow only selected usernames

[Tomasz Karczewski via PacketFence-users]

Hi Fabrice,

 

I’ve made source as you said. I have radius source with rules below

 

[RADIUS rule ALLOW]

description=Allow

class=authentication

match=any

action0=set_role=guest

action1=set_access_duration=1D

condition0=username,starts,testuser@

 

[RADIUS rule REJECT]

description=Reject all

class=authentication

match=all

action0=set_role=REJECT

action1=set_access_duration=1h

 

It should allow only username starts with „testuser” but REJECT rule seems no 
to work.

Still registering other users. Maibe i missed something?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Friday, October 6, 2017 11:52 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames

 

It's in the source where you have to define the rules.

Also you can use a regexp in the rule to match what you need.

Last thing , keep in mind that there is an order in the rule, so the first 
match win and the last one can match by default.

 

Le 2017-10-06 à 05:19, Tomasz Karczewski via PacketFence-users a écrit :

Thank you for response.

Where exactly do i have to make these rules?

Sources? Portal Profiles? Vlan filters?

One more question. Does there a way to add to advanced rule to match i.e. 
company field defined in users field?

If this field not match don’t allow?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, October 5, 2017 8:12 PM
To: packetfence-users@lists.sourceforge.net 
<mailto:packetfence-users@lists.sourceforge.net> 
Cc: Fabrice Durand  <mailto:fdur...@inverse.ca> <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames

 

Hello Tomasz,

create a rule for each users and at the end add a catch_all with the reject 
role.

Regards

Fabrice

 

 

Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit :

Hi,
 
I'm trying to allow only selected users to wifi with specific ssid and 
connection-type.
For example i have ssid "specificusers" connection type wireless-noeap.
I want to allow only selected usernames to allow and register device with 
specific role i.e. "specificusers"
us...@domain.com <mailto:us...@domain.com>  us...@domain.com 
<mailto:us...@domain.com>  us...@domain.com <mailto:us...@domain.com>  and not 
allow any other 
usernames.
Did anyone do this?
 
Tnx for answers
Tomasz Karczewski







--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot







___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users






-- 
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) ::  
www.inverse.ca <http://www.inverse.ca> 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 






--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal allow only selected usernames

[Tomasz Karczewski via PacketFence-users]

Thank you for response.

Where exactly do i have to make these rules?

Sources? Portal Profiles? Vlan filters?

One more question. Does there a way to add to advanced rule to match i.e. 
company field defined in users field?

If this field not match don’t allow?

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl   http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, October 5, 2017 8:12 PM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Captive Portal allow only selected usernames

 

Hello Tomasz,

create a rule for each users and at the end add a catch_all with the reject 
role.

Regards

Fabrice

 

 

Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit :

Hi,
 
I'm trying to allow only selected users to wifi with specific ssid and 
connection-type.
For example i have ssid "specificusers" connection type wireless-noeap.
I want to allow only selected usernames to allow and register device with 
specific role i.e. "specificusers"
us...@domain.com <mailto:us...@domain.com>  us...@domain.com 
<mailto:us...@domain.com>  us...@domain.com <mailto:us...@domain.com>  and not 
allow any other 
usernames.
Did anyone do this?
 
Tnx for answers
Tomasz Karczewski






--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users





-- 
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) ::  
www.inverse.ca <http://www.inverse.ca> 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Captive Portal allow only selected usernames

[Tomasz Karczewski via PacketFence-users]

Hi,

I'm trying to allow only selected users to wifi with specific ssid and 
connection-type.
For example i have ssid "specificusers" connection type wireless-noeap.
I want to allow only selected usernames to allow and register device with 
specific role i.e. "specificusers"
us...@domain.com us...@domain.com us...@domain.com and not allow any other 
usernames.
Did anyone do this?

Tnx for answers
Tomasz Karczewski


smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] LDAP authentication

[Tomasz Karczewski via PacketFence-users]

Propably you’re hitting wrong portal profile.

 

From: Luís Torres via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Tuesday, September 5, 2017 4:20 PM
To: packetfence-users@lists.sourceforge.net
Cc: Luís Torres
Subject: [PacketFence-users] LDAP authentication

 

Hello,

 

just setup aswell to user authentication on captive portal to ldap. But I got 
this error when I login on the portal:

 

"you do not have the permission to register a device with this username"

 

where can I change the "permissions" for all authenticated ldap users, in order 
to add devices?

 

Regards

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal with WLC5500 ( 7.0 )

[Tomasz Karczewski via PacketFence-users]

Yes you have to upgrade to newer version. I’m using 8.0.140.0.

Works with no problems.

 

From: Luís Torres via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Thursday, August 31, 2017 12:24 PM
To: packetfence-users@lists.sourceforge.net
Cc: Luís Torres
Subject: [PacketFence-users] Captive Portal with WLC5500 ( 7.0 )

 

Hello fellows,

 

I suppose in this version of the wlc ( 7.0 ) I cant use Radius Nac without use 
wpa2. However , Im using the layer3 security to redirect to the packetfence 
captive portal.

 

Can you tell me Why the devices always go to the node mac 00:11:22:33:44:55 ?  
everything now works fine but I always get this error on the logs:

 

Aug 31 11:11:16 packetfence packetfence_httpd.portal: httpd.portal(42936) WARN: 
[mac:00:11:22:33:44:55] Can't re-evaluate access because no open locationlog 
entry was found (pf::enforcement::reevaluate_access)

 

I checked in the locationlog table and isnt there..., also I deleted from nodes 
but it always came back

 

LT

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence 7.2.0 Cannot set authentication rules in radius source.

[Tomasz Karczewski via PacketFence-users]

Packetfence 7.1.0 version has no problems with that.

Maybe it's some kind of bug?

 

From: Tomasz Karczewski via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Wednesday, August 30, 2017 1:06 PM
To: packetfence-users@lists.sourceforge.net
Cc: Tomasz Karczewski
Subject: [PacketFence-users] Packetfence 7.2.0 Cannot set authentication
rules in radius source.

 

Hi,

 

I'm deploying new version of packetfence and when i adding new radius
authentication source and 

set authentication rules I got message "Error! An error condition has
occured. See server side logs for details."

 

Logs from httpd.admin.log are as follows

 

Aug 30 09:01:33 PacketFence-ZEN httpd_admin: httpd.admin(2349) ERROR:
[mac:unknown] Caught exception in
pfappserver::Controller::Config::Source->update "Attribute (timeout) does
not pass the type constraint because: Validation failed for 'Maybe[Int]'
with value  at constructor pf::Authentication::Source::RADIUSSource::new
(defined at /usr/local/pf/lib/pf/Authentication/Source/RADIUSSource.pm line
233) line 136.

 
pf::Authentication::Source::RADIUSSource::new('pf::Authentication::Source::R
ADIUSSource', 'HASH(0x7ffb9b826ae8)') called at
/usr/local/pf/lib/pf/authentication.pm line 121

pf::authentication::newAuthenticationSource('RADIUS', 'source',
'HASH(0x7ffb9b826530)') called at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Config/Source.pm line
346

 
pfappserver::Form::Config::Source::get_source('pfappserver::Form::Config::So
urce::RADIUS=HASH(0x7ffb9b6ee2a0)') called at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Field/SourceRuleConditio
n.pm line 72

 
pfappserver::Form::Field::SourceRuleCondition::options_attributes('HTML::For
mHandler::Field::Select::16=HASH(0x7ffb9b825ee8)') called at native
delegation method HTML::FormHandler::Field::Select::get_options
(execute_method) of attribute options_method (defined at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Select.pm line 52) line
3

 
HTML::FormHandler::Field::Select::get_options('HTML::FormHandler::Field::Sel
ect::16=HASH(0x7ffb9b825ee8)') called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Select.pm line 265

 
HTML::FormHandler::Field::Select::_load_options('HTML::FormHandler::Field::S
elect::16=HASH(0x7ffb9b825ee8)') called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Select.pm line 251

 
HTML::FormHandler::Field::Select::_result_from_input('HTML::FormHandler::Fie
ld::Select::16=HASH(0x7ffb9b825ee8)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b825ed0)', 'username', 1)
called at /usr/share/perl5/vendor_perl/HTML/FormHandler/InitResult.pm line
59

 
HTML::FormHandler::InitResult::_result_from_input('pfappserver::Form::Field:
:SourceRuleCondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Compound.pm line 74

Class::MOP::Class:::around('CODE(0x7ffb798c81c0)',
'pfappserver::Form::Field::SourceRuleCondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 162

 
Class::MOP::Method::Wrapped::__ANON__('pfappserver::Form::Field::SourceRuleC
ondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 91

 
HTML::FormHandler::Field::Compound::_result_from_input('pfappserver::Form::F
ield::SourceRuleCondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Repeatable.pm line 159

 
HTML::FormHandler::Field::Repeatable::_result_from_input('pfappserver::Form:
:Field::DynamicList::18=HASH(0x7ffb9b814880)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b81d618)',
'ARRAY(0x7ffb9b73e940)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/InitResult.pm line 59

 
HTML::FormHandler::InitResult::_result_from_input('pfappserver::Form::Field:
:SourceRule::21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Compound.pm line 74

Class::MOP::Class:::around('CODE(0x7ffb798c81c0)',
'pfappserver::Form::Field::SourceRule::21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 162

 
Class::MOP::Method::Wrapped::__ANON__('pfappserver::Form::Field::SourceRule:
:21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 91

 
HTML::FormHandler::Field::Compound::_result_from_input(

[PacketFence-users] Packetfence 7.2.0 Cannot set authentication rules in radius source.

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I'm deploying new version of packetfence and when i adding new radius
authentication source and 

set authentication rules I got message "Error! An error condition has
occured. See server side logs for details."

 

Logs from httpd.admin.log are as follows

 

Aug 30 09:01:33 PacketFence-ZEN httpd_admin: httpd.admin(2349) ERROR:
[mac:unknown] Caught exception in
pfappserver::Controller::Config::Source->update "Attribute (timeout) does
not pass the type constraint because: Validation failed for 'Maybe[Int]'
with value  at constructor pf::Authentication::Source::RADIUSSource::new
(defined at /usr/local/pf/lib/pf/Authentication/Source/RADIUSSource.pm line
233) line 136.

 
pf::Authentication::Source::RADIUSSource::new('pf::Authentication::Source::R
ADIUSSource', 'HASH(0x7ffb9b826ae8)') called at
/usr/local/pf/lib/pf/authentication.pm line 121

pf::authentication::newAuthenticationSource('RADIUS', 'source',
'HASH(0x7ffb9b826530)') called at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Config/Source.pm line
346

 
pfappserver::Form::Config::Source::get_source('pfappserver::Form::Config::So
urce::RADIUS=HASH(0x7ffb9b6ee2a0)') called at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Field/SourceRuleConditio
n.pm line 72

 
pfappserver::Form::Field::SourceRuleCondition::options_attributes('HTML::For
mHandler::Field::Select::16=HASH(0x7ffb9b825ee8)') called at native
delegation method HTML::FormHandler::Field::Select::get_options
(execute_method) of attribute options_method (defined at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Select.pm line 52) line
3

 
HTML::FormHandler::Field::Select::get_options('HTML::FormHandler::Field::Sel
ect::16=HASH(0x7ffb9b825ee8)') called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Select.pm line 265

 
HTML::FormHandler::Field::Select::_load_options('HTML::FormHandler::Field::S
elect::16=HASH(0x7ffb9b825ee8)') called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Select.pm line 251

 
HTML::FormHandler::Field::Select::_result_from_input('HTML::FormHandler::Fie
ld::Select::16=HASH(0x7ffb9b825ee8)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b825ed0)', 'username', 1)
called at /usr/share/perl5/vendor_perl/HTML/FormHandler/InitResult.pm line
59

 
HTML::FormHandler::InitResult::_result_from_input('pfappserver::Form::Field:
:SourceRuleCondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Compound.pm line 74

Class::MOP::Class:::around('CODE(0x7ffb798c81c0)',
'pfappserver::Form::Field::SourceRuleCondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 162

 
Class::MOP::Method::Wrapped::__ANON__('pfappserver::Form::Field::SourceRuleC
ondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 91

 
HTML::FormHandler::Field::Compound::_result_from_input('pfappserver::Form::F
ield::SourceRuleCondition::22=HASH(0x7ffb...',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b804d28)',
'HASH(0x7ffb9b73ea00)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Repeatable.pm line 159

 
HTML::FormHandler::Field::Repeatable::_result_from_input('pfappserver::Form:
:Field::DynamicList::18=HASH(0x7ffb9b814880)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b81d618)',
'ARRAY(0x7ffb9b73e940)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/InitResult.pm line 59

 
HTML::FormHandler::InitResult::_result_from_input('pfappserver::Form::Field:
:SourceRule::21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Compound.pm line 74

Class::MOP::Class:::around('CODE(0x7ffb798c81c0)',
'pfappserver::Form::Field::SourceRule::21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 162

 
Class::MOP::Method::Wrapped::__ANON__('pfappserver::Form::Field::SourceRule:
:21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/lib64/perl5/vendor_perl/Class/MOP/Method/Wrapped.pm line 91

 
HTML::FormHandler::Field::Compound::_result_from_input('pfappserver::Form::F
ield::SourceRule::21=HASH(0x7ffb9b49cba0)',
'HTML::FormHandler::Field::Result=HASH(0x7ffb9b793108)',
'HASH(0x7ffb9b761180)', 1) called at
/usr/share/perl5/vendor_perl/HTML/FormHandler/Field/Repeatable.pm line 159

 
HTML::FormHandler::Field::Repeatable::_result_from_input('pfappserver::Form:
:Field::DynamicList::18=HASH(0x7ffb9b741470)',

Re: [PacketFence-users] packetfence webauth WLC redirect - how it works?

[Tomasz Karczewski via PacketFence-users]

Radius reply to your WLC controller with Cisco-AVPair = 
"url-redirect=https://your.captive.portal; attribute depends on role you 
defined.



From: Hillary Nelson via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Monday, August 28, 2017 7:11 PM
To: packetfence-users@lists.sourceforge.net
Cc: Hillary Nelson
Subject: [PacketFence-users] packetfence webauth WLC redirect - how it works?



We plan to use the packetfence web auth like WLC as mentioned here:
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth

but I am not clear exactly  how the users traffic gets redirected to the WLC
URL, is there any trick that the WLC DHCP server does that can redirect client 
traffic to it?

Thanks!



Hillary



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Ruckus SmartZone and PF Captive portal.

[Tomasz Karczewski via PacketFence-users]

Hi,

 

I've got some problems with integration of PF with Ruckus Smartzone.

I set up everything as in the manual but I can't register device.

Controller redirected user to the captive portal but PF doesn't use proper
portal profile that it should.

I set up portal profile that should match all ssid and connection type nad I
got in logs:

 

According to rules in fetchRoleForNode this node must be kicked out.
Returning USERLOCK (pf::Switch::handleRadiusDeny).

 

On the captive portal site is "You do not have permission to register a
device with this username".

 

Did anybody has problems like that?

 

Tnx for response.

 

PS. My PF version is 6.5.1

 

Tomasz Karczewski

Administrator Sieci

 

olman

 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 



smime.p7s
Description: S/MIME cryptographic signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users