Re: [PacketFence-users] Radius authentication

2015-11-11 Thread ismael flavio silva
+} # group authorize = updated
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [ismael] (from client PacketFence-ZEN-5-3.local port 0)
} # server packetfence
# Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != EAP-TTLS )
?? Skipping (EAP-Type != PEAP)
++? if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) -> TRUE
++if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) {
+++update control {
+++} # update control = noop
rlm_perl: MAC address is empty or invalid in this request. It could be normal on certain radius calls
rlm_perl: Added pair User-Name = ismael
rlm_perl: Added pair User-Password = 12345678
rlm_perl: Added pair NAS-IP-Address = 192.168.100.5
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.100.5
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 7070
+++[packetfence] = reject
++} # if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) = reject
+} # group post-auth = reject
Using Post-Auth-Type Reject
# Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> ismael
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 20 to 192.168.100.5 port 55170
Waking up in 4.9 seconds.
Cleaning up request 1 ID 20 with timestamp +35
Ready to process requests.


To: packetfence-users@lists.sourceforge.net
From: fdur...@inverse.ca
Date: Tue, 10 Nov 2015 21:20:22 -0500
Subject: Re: [PacketFence-users] Radius authentication


  

  
  
Hello Ismael,



you created a user in radius but it probably doesn't exist on
packetfence side. (check packetfence.log)

So remove what you did in /usr/local/pf/raddb/users and follow this
documentation:

https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Administration_Guide.asciidoc#option-5-eap-local-user-authentication



Also don't forget to create a portal profile with a specific filter
(like SSID, switch ... that match your connection) and add local
authentication source.

    

Then retry.



Regards

Fabrice





On 2015-11-10 21:04, ismael flavio silva wrote:



  
  Hello :)



I am testing the radius locally. It appears to accept any user or
password, and the log reports a problem with the mac-address.

I looked in the community, but everybody uses AD or an equivalent
server.



LOG



/usr/local/pf/logs/radius.log



Tue Nov 10 20:56:47 2015 : Auth: Login OK: [ismael] (from client
PacketFence-ZEN-5-3.local port 0)

Tue Nov 10 20:56:47 2015 : Info: rlm_perl: MAC address is empty
or invalid in this request. It could be normal on certain radius
calls



---



/usr/sbin/radiusd -d /usr/local/pf/raddb/ -X



..

..



radiusd:  Opening IP addresses and Ports 

listen {

type = "auth"

virtual_server = "packetfence"

ipaddr = 192.168.100.5

port = 0

}

listen {

type = "acct"

virtual_server = "packetfence"

ipaddr = 192.168.100.5

port = 0

}

listen {

type = "control"

 listen 
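
The debug output in this message shows "Login OK" followed by "[packetfence] = reject" in post-auth and an Access-Reject sent to the client. The Python below is an added example, not part of the original post or of PacketFence: it summarizes that sequence from radiusd -X text and masks password attributes before the output is shared. The sample input is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the radiusd -X lines quoted in this message.
SAMPLE_DEBUG = """\
+} # group authorize = updated
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [alice] (from client nas.example port 0)
# Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
rlm_perl: Added pair User-Name = alice
rlm_perl: Added pair User-Password = not-a-real-password
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair Auth-Type = Accept
+++[packetfence] = reject
+} # group post-auth = reject
Using Post-Auth-Type Reject
+group REJECT {
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Sending Access-Reject of id 20 to 192.0.2.5 port 55170
"""

GROUP_END = re.compile(r"^\+*\} # group (\S+) = (\w+)")
MODULE = re.compile(r"^\+*\[([\w.]+)\] = (\w+)")
LOGIN = re.compile(r"Login (OK|incorrect)[^\[]*\[([^\]]*)\]")
REPLY = re.compile(r"^Sending (Access-\w+) of id (\d+)")
# Attributes seen in this thread whose values are credentials.
SECRET = re.compile(
    r"((?:User-Password|Cleartext-Password|PacketFence-RPC-Pass)\s*:?=\s*)(\S.*)")
# Module return codes that stop a request.
FAILING = ("reject", "fail", "invalid", "userlock")


def summarize(debug_text):
    """Return what each section decided and which reply was actually sent."""
    summary = {"login": None, "user": None, "groups": {},
               "rejecting_modules": [], "reply": None}
    for raw in debug_text.splitlines():
        line = raw.strip()
        if m := LOGIN.search(line):
            summary["login"], summary["user"] = m.group(1), m.group(2)
        elif m := MODULE.match(line):
            if m.group(2) in FAILING:
                summary["rejecting_modules"].append(m.group(1))
        elif m := GROUP_END.match(line):
            summary["groups"][m.group(1)] = m.group(2)
        elif m := REPLY.match(line):
            summary["reply"] = m.group(1)
    return summary


def login_ok_but_rejected(summary):
    """True when the log says 'Login OK' yet the client received a reject."""
    return summary["login"] == "OK" and summary["reply"] == "Access-Reject"


def redact(debug_text):
    """Mask credential values so the debug output can be posted publicly."""
    return "\n".join(SECRET.sub(r"\1<redacted>", line)
                     for line in debug_text.splitlines())


if __name__ == "__main__":
    result = summarize(SAMPLE_DEBUG)
    print(result)
    print("Login OK but rejected:", login_ok_but_rejected(result))
    print(redact(SAMPLE_DEBUG))
```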

Re: [PacketFence-users] Doubt about radius

2015-11-06 Thread ismael flavio silva
hello,
I do not have help from anyone and have never set up a NAC before. The project works
correctly.
My problem is in the radius validation. The manual says that to validate locally I have to put in
/usr/local/pf/raddb/users
username Cleartext-Password := "password"
and I have
Ismael Cleartext-Password := "1234"
it is necessary port-security -> also configured on the switch
802.1x is necessary -> also configured on the switch
even here I think nothing is lacking.
I saw that I can not validate the client locally. The radius server appears to 
the busy ports
It can be something simple, but in my course I do not have a solid basis in 
networking. I have no help from teachers, no help from anyone.
Only this part is missing.
Thanks
From: lmu...@inverse.ca
Date: Fri, 6 Nov 2015 09:21:54 -0500
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Doubt about radius


On Nov 5, 2015, at 23:41 , ismael flavio silva <ismael.f...@hotmail.com> wrote:
> How do I use this command?
> "snmpwalk -v -c 2c público 192.168.137.154 0,1"
I don’t think I have ever written this before, but have you considered reading 
the man page? 
If I understand your messages correctly you are doing this for a school 
project, right? Well then I don’t see why anyone should do the actual work of 
learning in your place.
If you manage to graduate without knowing how to read a manpage your university 
has failed you and the rest of us.  

--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users  


[PacketFence-users] Doubt about radius

2015-11-05 Thread ismael flavio silva
Hello

I have a doubt
I'm setting up the PF 5.4.0 with the service radius (dlink 2000 AP +)
the manual says the process has to be done with the port-security.

- It is necessary to add the AP in floating device.
- The PF 5.4.0 know that is the floating device and automatically configures 
for port-security.



but I have a problem: the Cisco does not accept my devices due to 
the violation. As PF configures it automatically, what can I do to solve the 
problem?

PF LOG

Nov 05 18:49:59 pfsetvlan(2) WARN: couldn't get MAC at ifIndex 1. This is a 
problem. (pf::Switch::_getMacAtIfIndex)
Nov 05 18:49:59 pfsetvlan(2) WARN: Tried to grab MAC address at ifIndex 1 on 
switch 192.168.137.254 for 2 minutes and failed (main::handleTrap)
Nov 05 18:49:59 pfsetvlan(2) INFO: cannot find MAC (maybe we found a VoIP, but 
they don't count here). Do nothing (main::handleTrap)
Nov 05 18:49:59 pfsetvlan(2) INFO: finished (main::cleanupAfterThread)
Nov 05 18:50:09 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Nov 05 18:50:09 pfsetvlan(1) INFO: up trap received on 192.168.137.254 ifIndex 
20 (main::handleTrap)
Nov 05 18:50:09 pfsetvlan(1) INFO: The logs shows that the last device pluged 
was a floating network device. We may have missedthe LinkDown trap. Disabling 
floating network device configuration on the port. (main::handleTrap)
Nov 05 18:50:09 pfsetvlan(1) INFO: Disabling LinkDown traps on port 20 
(pf::floatingdevice::disablePortConfig)
Nov 05 18:50:09 pfsetvlan(1) INFO: Setting port 20 to MAC detection Vlan. 
(pf::floatingdevice::disablePortConfig)
Nov 05 18:50:09 pfsetvlan(1) INFO: There is a floating device on 
192.168.137.254 port 20 (pf::floatingdevice::portHasFloatingDevice)
Nov 05 18:50:09 pfsetvlan(1) ERROR: Use of uninitialized value $mac in 
concatenation (.) or string at /usr/local/pf/lib/pf/locationlog.pm line 502.
 (pf::locationlog::locationlog_synchronize)
Nov 05 18:50:09 pfsetvlan(1) INFO: Not adding locationlog entry for mac  
because it's plugged in a floating device enabled port 
(pf::locationlog::locationlog_synchronize)
Nov 05 18:50:09 pfsetvlan(1) INFO: Should set 192.168.137.254 ifIndex 20 to 
VLAN 4 but it is already in this VLAN -> Do nothing (pf::Switch::setVlan)
Nov 05 18:50:09 pfsetvlan(1) INFO: Enabling access control on port 20 
(pf::floatingdevice::disablePortConfig)
Nov 05 18:50:10 pfsetvlan(1) WARN: couldn't get MAC at ifIndex 20. This is a 
problem. (pf::Switch::_getMacAtIfIndex)
Nov 05 18:50:10 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Nov 05 18:50:15 pfsetvlan(4) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Nov 05 18:50:15 pfsetvlan(4) INFO: MAC 02:00:00:00:00:20 is a fake MAC. Stop 
mac handling (main::handleTrap)
Nov 05 18:50:15 pfsetvlan(4) INFO: finished (main::cleanupAfterThread)


CISCO LOG

Switch#
00:05:29: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, 
caused by MAC address c8f7.335f.975e on port FastEthernet0/20.

Thanks
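
The PF log above interleaves several pfsetvlan workers, each ending with a "finished (main::cleanupAfterThread)" line. The Python below is an added example, not part of the original post or of PacketFence: it joins the wrapped log lines, groups them per worker into one record per handled trap, and lists the ifIndex values, VLAN changes and WARN/ERROR messages of each. The sample log is constructed, the function names are hypothetical, and treating the number in pfsetvlan(N) as the worker handling one trap is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the packetfence.log layout quoted above (wrapped lines included).
SAMPLE_LOG = """\
Nov 05 18:50:09 pfsetvlan(1) INFO: up trap received on 192.0.2.254 ifIndex
20 (main::handleTrap)
Nov 05 18:50:09 pfsetvlan(1) INFO: setting VLAN at 192.0.2.254 ifIndex 20
from 4 to 50 (pf::Switch::setVlan)
Nov 05 18:50:10 pfsetvlan(1) WARN: couldn't get MAC at ifIndex 20. This is a
problem. (pf::Switch::_getMacAtIfIndex)
Nov 05 18:50:10 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Nov 05 18:50:15 pfsetvlan(4) INFO: MAC 02:00:00:00:00:20 is a fake MAC. Stop
mac handling (main::handleTrap)
Nov 05 18:50:15 pfsetvlan(4) INFO: finished (main::cleanupAfterThread)
"""

HEAD = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) pfsetvlan\((\d+)\) (\w+): (.*)$")
ORIGIN = re.compile(r"\s*\(([\w:]+)\)\s*$")   # trailing "(package::function)"
IFINDEX = re.compile(r"ifIndex\s+(\d+)")
VLAN_CHANGE = re.compile(r"from (\d+) to (\d+)")


def parse(text):
    """Join wrapped lines and split every entry into its fields."""
    entries = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            entries.append({"time": m.group(1), "worker": int(m.group(2)),
                            "level": m.group(3), "msg": m.group(4).strip()})
        elif entries and line.strip():
            # No timestamp: continuation of the previous entry.
            entries[-1]["msg"] += " " + line.strip()
    for e in entries:
        m = ORIGIN.search(e["msg"])
        e["origin"] = m.group(1) if m else None
        if m:
            e["msg"] = e["msg"][:m.start()]
    return entries


def summarize_episode(ep):
    """Condense the entries one worker logged while handling one trap."""
    text = " ".join(e["msg"] for e in ep)
    return {
        "worker": ep[0]["worker"],
        "start": ep[0]["time"],
        "ifindexes": sorted({int(n) for n in IFINDEX.findall(text)}),
        "vlan_changes": [(int(a), int(b)) for e in ep
                         if e["origin"] == "pf::Switch::setVlan"
                         for a, b in VLAN_CHANGE.findall(e["msg"])],
        "problems": [e["msg"] for e in ep
                     if e["level"] in ("WARN", "ERROR", "FATAL")],
    }


def episodes(entries):
    """Group entries per worker, closing a group at its 'finished' line."""
    open_eps, done = defaultdict(list), []
    for e in entries:
        open_eps[e["worker"]].append(e)
        if e["origin"] == "main::cleanupAfterThread":
            done.append(summarize_episode(open_eps.pop(e["worker"])))
    return done


if __name__ == "__main__":
    for ep in episodes(parse(SAMPLE_LOG)):
        print(ep)
```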


[PacketFence-users] scan vulnerability DEBUG

2015-10-27 Thread ismael flavio silva
I use PF 5.4.0
Nessus 6.5

The PF communicates with nessus, but only makes the scan manually, directly on 
the node. 

I want the scan is done automatically, when I turn the computer on the network.
I want to see through log, what's wrong :)

Thanks


[PacketFence-users] Scan

2015-10-19 Thread ismael flavio silva
Hello,

I am a student and I'm doing a job for the end of the course.

- i use PF 5.4.0
- Vlan mode
- Vlan work

I applied the patch to nessus 6.

I want to use nessus to isolate clients, I need something? 802.1x active type?

according to the guide I have to be at pf.conf

ip
port
username
password

and violations
also with some fields.

gives me an idea, this escape something

Thanks


Re: [PacketFence-users] Nessus scan

2015-10-14 Thread ismael flavio silva
hello,

ok I will apply patch

Thanks Fabrice

I have a doubt.

I read in the PF administration guide that there is a problem with module Net 
:: Nessus :: XMLRPC

this module already comes installed with the PF? or must be installed?

I think that's why the PF can not call the nessus to scan the client.

sorry my bad english :)



Thanks


To: packetfence-users@lists.sourceforge.net
From: fdur...@inverse.ca
Date: Tue, 13 Oct 2015 20:38:53 -0400
Subject: Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG


  

  
  
Hello,



yes you need to apply the patch.



Regards

Fabrice





On 2015-10-13 17:50, ismael flavio silva wrote:



  
  hello,



ok.. works :)



thanks



I have a question...



I was using the PF 5.3.1 and wanted to use nessus to scan the
client



They said they needed a patch



on the PF 5.4.0 i need it?



here the patch:

https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff

 

So in /usr/local/pf/ do:

wget

https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff

 

patch -p1 --dry-run < 647.diff

patch -p1 < 647.diff

 

rpm -ivh

http://inverse.ca/downloads/PacketFence/RHEL6/devel/x86_64/RPMS/perl-Net-Nessus-REST-0.2-3.4.noarch.rpm

 

"Then restart packetfence , when it's done go in scan engine and
you will

see a new scan engine nessus6."



sorry my bad english :)



Thanks




  From: lmu...@inverse.ca

  Date: Mon, 12 Oct 2015 07:42:32 -0400

  To: packetfence-users@lists.sourceforge.net

  Subject: Re: [PacketFence-users] PF 5.40 pfsetvlan and
  snmptrapd BUG

  

  That bug is fixed in maintenance.
  

  
  Run 
  

  
  # perl /usr/local/pf/addons/pf-maint.pl
  

  
  

  
  Why are you starting those services?
  Unless you use port security you should not need them.
  


  
--
Louis
  Munro

  lmu...@inverse.ca
   ::  www.inverse.ca 

  +1.514.447.4918 x125  :: +1 (866) 353-6153 x125

  Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)
  




  
On Oct 10, 2015, at 21:40 , ismael flavio silva
  <ismael.f...@hotmail.com>
  wrote:


  
Hello
 
I am installing pf 5:40 to enforce vlan

when selected the pfsetvlan and snmptrapd to start, it displays this error

packetfence.log

ERROR: Failed to load module pf :: Switch :: packetfence: packetfence (mp :: :: SwitchFactory getModule)

ERROR: Can not load perl module switch is 127.0.0.1, type: packetfence. The type is unknown or perl module has compilation errors (please SwitchFactory :: :: _ ANON__)

pfcmd.pl (4740) FATAL: Can't call mothod "new" on an undefined value at /usr/local/pf/lib/pf/SwitchFactory.pm line 165

at the first start all ok. I deleted the switch´s default and added my switch. Not work anymore :(

Thanks
  
  

Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

2015-10-13 Thread ismael flavio silva
hello,

ok.. works :)

thanks

I have a question...

I was using the PF 5.3.1 and wanted to use nessus to scan the client

They said they needed a patch

on the PF 5.4.0 i need it?

here the patch:
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff
 
So in /usr/local/pf/ do:
wget
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff
 
patch -p1 --dry-run < 647.diff
patch -p1 < 647.diff
 
rpm -ivh
http://inverse.ca/downloads/PacketFence/RHEL6/devel/x86_64/RPMS/perl-Net-Nessus-REST-0.2-3.4.noarch.rpm
 
"Then restart packetfence , when it's done go in scan engine and you will
see a new scan engine nessus6."

sorry my bad english :)

Thanks

From: lmu...@inverse.ca
Date: Mon, 12 Oct 2015 07:42:32 -0400
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

That bug is fixed in maintenance.
Run 
# perl /usr/local/pf/addons/pf-maint.pl

Why are you starting those services?
Unless you use port security you should not need them.

--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


On Oct 10, 2015, at 21:40 , ismael flavio silva <ismael.f...@hotmail.com> wrote:
> Hello
> I am installing pf 5:40 to enforce vlan
> when selected the pfsetvlan and snmptrapd to start, it displays this error
> packetfence.log
> ERROR: Failed to load module pf :: Switch :: packetfence: packetfence (mp :: :: SwitchFactory getModule)
> ERROR: Can not load perl module switch is 127.0.0.1, type: packetfence. The type is unknown or perl module has compilation errors (please SwitchFactory :: :: _ ANON__)
> pfcmd.pl (4740) FATAL: Can't call mothod "new" on an undefined value at /usr/local/pf/lib/pf/SwitchFactory.pm line 165
> at the first start all ok. I deleted the switch´s default and added my switch. Not work anymore :(
> Thanks



[PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

2015-10-12 Thread ismael flavio silva
Hello

I am installing pf 5:40 to enforce vlan

when selected the pfsetvlan and snmptrapd to start, it displays this error

packetfence.log

ERROR: Failed to load module pf :: Switch :: packetfence: packetfence (mp :: :: 
SwitchFactory getModule)

ERROR: Can not load perl module switch is 127.0.0.1, type: packetfence. The 
type is unknown or perl module has compilation errors (please SwitchFactory :: 
:: _ ANON__)

pfcmd.pl (4740) FATAL: Can't call mothod "new" on an undefined value at 
/usr/local/pf/lib/pf/SwitchFactory.pm line 165

at the first start all ok. I deleted the switch´s default and added my switch. 
Not work anymore :(

Thanks


Re: [PacketFence-users] pfsetvlan OK not internet client

2015-10-09 Thread ismael flavio silva
Hello

someone can help me?

I have internet at PF server, but i can not pass on to clients

when I'm registered the server should, not connect me to the Internet?

thanks

Sent from Mail for Windows 10



From: ismael flavio silva
Sent: 9 October 2015 20:30
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfsetvlan OK not internet client


Hello

I try to create this network

production network -> network with internet
guest network -> network with internet

isolated network -> customer problems (vulnerabilities)

for this I have

192.168.100.5 -> management (not dhcp)
192.168.20.1 -> register (dhcp)
192.168.30.1 -> isolated (dhcp)
182.168.200.1 -> guest (dhcp)
192.168.50.1 -> laboratory (dhcp)

communication with the Cisco 2950 switch ok

vlan's in cisco

vlan 2 -> register
vlan 3 -> isolated
vlan 4 -> macdectition
vlan 200 -> guest
vlan 50 -> laboratory

it assigns the correct vlan, but do not have internet

I have 2 adapter's

eth0 -> PF
WLAN -> connected to the Internet

PS: I'm not using port-security

The log is possible to see in assigning the client to vlan 50 (correct vlan), 
but no internet, any idea?

packetfence log:

Oct 09 20:19:26 pfsetvlan(3) INFO: setting 192.168.100.254 port 20 to MAC 
detection VLAN (main::handleTrap)
Oct 09 20:19:26 pfsetvlan(3) INFO: Should set 192.168.100.254 ifIndex 20 to 
VLAN 4 but it is already in this VLAN -> Do nothing (pf::Switch::setVlan)
Oct 09 20:19:26 pfsetvlan(3) INFO: MAC learnt traps are configured on this 
switch port. Stopping UP trap handling here (main::handleTrap)
Oct 09 20:19:26 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Oct 09 20:19:28 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 09 20:19:28 pfsetvlan(5) INFO: learnt trap received on 192.168.100.254 
ifIndex 20 for 00:0b:6a:78:5c:12 in VLAN 4 (main::handleTrap)
Oct 09 20:19:28 pfsetvlan(5) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 192.168.100.254 
(main::do_port_security)
Oct 09 20:19:28 pfsetvlan(5) INFO: MAC not found on node's previous switch 
secure table or switch inaccessible. (main::do_port_security)
Oct 09 20:19:29 pfsetvlan(5) INFO: Learnt trap received for 00:0b:6a:78:5c:12. 
Old MAC 50:b7:c3:8d:8e:1e already connected to the port according to 
locationlog ! (main::handleTrap)
Oct 09 20:19:29 pfsetvlan(5) INFO: [00:0b:6a:78:5c:12] Can't find provisioner 
(pf::vlan::getNormalVlan)
Oct 09 20:19:29 pfsetvlan(5) INFO: Found 'Device' entry with ID '26' in schema 
'Upstream' (fingerbank::Base::CRUD::read)
Oct 09 20:19:29 pfsetvlan(5) INFO: Device ID '26' have at least 1 parent. 
Building parent(s) list (fingerbank::Model::Device::read)
Oct 09 20:19:29 pfsetvlan(5) INFO: Found 'Device' entry with ID '1' in schema 
'Upstream' (fingerbank::Base::CRUD::read)
Oct 09 20:19:29 pfsetvlan(5) INFO: Device 'Microsoft Windows XP (Version 5.1, 
5.2)' is a Windows based device (fingerbank::Query::isWindows)
Oct 09 20:19:29 pfsetvlan(5) INFO: [00:0b:6a:78:5c:12] Can't find scan engine 
(pf::vlan::getNormalVlan)
Oct 09 20:19:29 pfsetvlan(5) INFO: [00:0b:6a:78:5c:12] Username was NOT defined 
or unable to match a role - returning node based role 'Laboratorio_PI' 
(pf::vlan::getNormalVlan)
Oct 09 20:19:29 pfsetvlan(5) INFO: [00:0b:6a:78:5c:12] PID: "tiago", Status: 
reg Returned VLAN: 50, Role: Laboratorio_PI (pf::vlan::fetchVlanForNode)
Oct 09 20:19:29 pfsetvlan(5) INFO: setting VLAN at 192.168.100.254 ifIndex 20 
from 4 to 50 (pf::Switch::setVlan)
Oct 09 20:19:29 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
Oct 09 20:19:32 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Oct 09 20:19:32 pfsetvlan(1) INFO: learnt trap received on 192.168.100.254 
ifIndex 20 for 00:0b:6a:78:5c:12 in VLAN 50 (main::handleTrap)
Oct 09 20:19:32 pfsetvlan(1) INFO: Memory configuration is not valid anymore 
for key config::Pf in local cached_hash (pfconfig::cached::is_valid)
Oct 09 20:19:33 pfsetvlan(1) INFO: Memory configuration is not valid anymore 
for key interfaces::internal_nets in local cached_hash 
(pfconfig::cached::is_valid)
Oct 09 20:19:33 pfsetvlan(1) INFO: [00:0b:6a:78:5c:12] Can't find provisioner 
(pf::vlan::getNormalVlan)
Oct 09 20:19:33 pfsetvlan(1) INFO: Found 'Device' entry with ID '26' in schema 
'Upstream' (fingerbank::Base::CRUD::read)
Oct 09 20:19:33 pfsetvlan(1) INFO: Device ID '26' have at least 1 parent. 
Building parent(s) list (fingerbank::Model::Device::read)
Oct 09 20:19:33 pfsetvlan(1) INFO: Found 'Device' entry with ID '1' in schema 
'Upstream' (fingerbank::Base::CRUD::read)
Oct 09 20:19:33 pfsetvlan(1) INFO: Device 'Microsoft Windows XP (Version 5.1, 
5.2)' is a Windows based device (fingerbank::Query::isWindows)
Oct 09 20:19:33 pfsetvlan(1) INFO: [00:0b:6a:78:5c:12] Can't find scan engine 
(pf::vlan::getNormalV

Re: [PacketFence-users] pfsetvlan problem

2015-10-09 Thread ismael flavio silva
Hello,

problem on cisco

as is the 2950 so this puts the trunk vlan above the 1002, otherwise you must 
manually add. I added the vlan 200. work :)

I want to add the internet to this vlan (producao)
PF uses the eth0
I have a wlan0 plate with internet

thanks

Sent from Mail for Windows 10



From: Fabrice DURAND
Sent: 9 October 2015 16:41
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfsetvlan problem


Hello,

On 2015-10-09 11:24, ismael flavio silva wrote:
>
> Hello,
>
>  
>
> I am using vlan enforcement
>
>  
>
> - OS: Centos 6.7
>
> - PF 5.3.1 (is not ZEN)
>
> - Cisco equipment in 2950
>
>  
>
> the idea was to connect a PC to cisco and connect to internet, case it
> is registered on packetfence, or isolate, case present vulnerabilities.
>
>  
>
> part of the problem solved.
>
>  
>
> create a new vlan registration, added the switch.conf (new vlan), and
> added to the vlan on cisco
>
>  
>
> in packetfence.log it changes the vlan 4 (macdetetction) to vlan 2
> (registration), after the registration he goes to vlan 200 (vlan
> production), this far ok :)
>
That is perfect !
>
>  
>
> problem:
>
>  
>
> he does not give, dhcp (vlan production)
>
>  
>
This is normal, on your production network (vlan 200) your dhcp/dns must
work, this is not the job of packetfence (it allow your device to go on
the prod network, that is all).

Now on the vlan 200 you have to configure your own dhcp and dns and
gateway ...


Regards
Fabrice

> checked
>
>  
>
> network.conf ok
>
> pf.conf ok
>
> ifcfg-eth0.200 ok
>
>  
>
> Thanks
>
>  
>
>  
>
>  
>
>  
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986>
> for Windows 10
>
> *From: *Fabrice DURAND
> *Sent: *9 October 2015 14:00
> *To: *packetfence-users@lists.sourceforge.net
> *Subject: *Re: [PacketFence-users] pfsetvlan problem
>
>  
>
>  
>
> Hello,
>
> what are you trying to do ?
> What switch are you using ?
> Are you using inline ,out of band or web-auth ?
>
> You are not clear in your questions, it just like "it doesn't work,
> help me !"
>
> Start your configuration simple, and forget nessus for now and follow
> this guide :
> http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.4.0.pdf
>
> Regards
> Fabrice
>
> On 2015-10-08 21:47, ismael flavio silva wrote:
>
> hello
>
>  
>
> It was a bad configuration on switch
>
>  
>
> check in the community :)
>
>  
>
> i have two problems:
>
>  
>
> 1ª
>
> PF start vlan 4 macDetetction -> vlan 2 registrtion (registration
> ok) -> vlan 4 again :(
>
>  
>
> its should go to vlan 1 (normal vlan), but vlan 1 it is vlan
> management this vlan not used DHCP... hum
>
>  
>
> I have to create a new vlan to have internet?
>
>  
>
> 2ª
>
> I can not isolate a xp wndows with nessus
>
>  
>
> thanks
>
>  
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986>
> for Windows 10
>
> *From: *ismael flavio silva
> *Sent: *9 October 2015 01:21
> *To: *ismael flavio silva
> *Subject: *RE: [PacketFence-users] pfsetvlan problem
>
>  
>
>  
>
> Hello,
>
>  
>
> I already solve :)
>
>  
>
> I wanted to isolate a windows xp, but he can not isolate
>
>  
>
> I created a scan with Nessus, but does nothing ☹
>
>  
>
> thanks
>
>  
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986>
> for Windows 10
>
> *From: *ismael flavio silva
> *Sent: *9 October 2015 01:17
> *To: *packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject: *[PacketFence-users] pfsetvlan problem
>
>  
>
>  
>
> Hello
>
>  
>
> I used vlan enforcement
>
>  
>
> presents this error: (packetfence.log)
>
>  
>
> pfsetvlan(3) WARN: Can´t determine Uplinks for the switch
> (192.168.100.254) -> do nothing (pf::vlan::doWeActOnThisTrap)
>
> pfsetvlan(3) INFO: doWeActiOnThisTrap returns false. Stop up
> handling (main::handleTrap)
>
> pfsetvlan(3) INFO: finished (main::cleanupAfter

Re: [PacketFence-users] pfsetvlan OK not internet client

2015-10-09 Thread ismael flavio silva
tionlog is already up2date. Do nothing 
(main::handleTrap)
Oct 09 20:19:33 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)


Sent from Mail for Windows 10



From: ismael flavio silva
Sent: 9 October 2015 17:38
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfsetvlan problem


Hello,

problem on cisco

as is the 2950 so this puts the trunk vlan above the 1002, otherwise you must 
manually add. I added the vlan 200. work :)

I want to add the internet to this vlan (producao)
PF uses the eth0
I have a wlan0 plate with internet

thanks

Sent from Mail for Windows 10



From: Fabrice DURAND
Sent: 9 October 2015 16:41
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfsetvlan problem


Hello,

On 2015-10-09 11:24, ismael flavio silva wrote:
>
> Hello,
>
>  
>
> I am using vlan enforcement
>
>  
>
> - OS: Centos 6.7
>
> - PF 5.3.1 (is not ZEN)
>
> - Cisco equipment in 2950
>
>  
>
> the idea was to connect a PC to cisco and connect to internet, case it
> is registered on packetfence, or isolate, case present vulnerabilities.
>
>  
>
> part of the problem solved.
>
>  
>
> create a new vlan registration, added the switch.conf (new vlan), and
> added to the vlan on cisco
>
>  
>
> in packetfence.log it changes the vlan 4 (macdetetction) to vlan 2
> (registration), after the registration he goes to vlan 200 (vlan
> production), this far ok :)
>
That is perfect !
>
>  
>
> problem:
>
>  
>
> he does not give, dhcp (vlan production)
>
>  
>
This is normal, on your production network (vlan 200) your dhcp/dns must
work, this is not the job of packetfence (it allow your device to go on
the prod network, that is all).

Now on the vlan 200 you have to configure your own dhcp and dns and
gateway ...


Regards
Fabrice

> checked
>
>  
>
> network.conf ok
>
> pf.conf ok
>
> ifcfg-eth0.200 ok
>
>  
>
> Thanks
>
>  
>
>  
>
>  
>
>  
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986>
> for Windows 10
>
> *From: *Fabrice DURAND
> *Sent: *9 October 2015 14:00
> *To: *packetfence-users@lists.sourceforge.net
> *Subject: *Re: [PacketFence-users] pfsetvlan problem
>
>  
>
>  
>
> Hello,
>
> what are you trying to do ?
> What switch are you using ?
> Are you using inline ,out of band or web-auth ?
>
> You are not clear in your questions, it just like "it doesn't work,
> help me !"
>
> Start your configuration simple, and forget nessus for now and follow
> this guide :
> http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.4.0.pdf
>
> Regards
> Fabrice
>
> On 2015-10-08 21:47, ismael flavio silva wrote:
>
> hello
>
>  
>
> It was a bad configuration on switch
>
>  
>
> check in the community :)
>
>  
>
> i have two problems:
>
>  
>
> 1ª
>
> PF start vlan 4 macDetetction -> vlan 2 registrtion (registration
>     ok) -> vlan 4 again :(
>
>  
>
> its should go to vlan 1 (normal vlan), but vlan 1 it is vlan
> management this vlan not used DHCP... hum
>
>  
>
> I have to create a new vlan to have internet?
>
>  
>
> 2ª
>
> I can not isolate a xp wndows with nessus
>
>  
>
> thanks
>
>  
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986>
> for Windows 10
>
> *From: *ismael flavio silva
> *Sent: *9 October 2015 01:21
> *To: *ismael flavio silva
> *Subject: *RE: [PacketFence-users] pfsetvlan problem
>
>  
>
>  
>
> Hello,
>
>  
>
> I already solve :)
>
>  
>
> I wanted to isolate a windows xp, but he can not isolate
>
>  
>
> I created a scan with Nessus, but does nothing ☹
>
>  
>
> thanks
>
>  
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986>
> for Windows 10
>
> *From: *ismael flavio silva
> *Sent: *9 October 2015 01:17
> *To: *packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject: *[PacketFence-users] pfsetvlan problem
>
>  
>
>  
>
> Hello
>
>  
>
> I used vlan enforcement
>
>  
>
> presents this error: (packetfence.log)
>
>

Re: [PacketFence-users] pfsetvlan problem

2015-10-09 Thread ismael flavio silva
Hello,

I am using vlan enforcement

- OS: Centos 6.7
- PF 5.3.1 (is not ZEN)
- Cisco equipment in 2950

the idea was to connect a PC to cisco and connect to internet, case it is 
registered on packetfence, or isolate, case present vulnerabilities.

part of the problem solved.

create a new vlan registration, added the switch.conf (new vlan), and added to 
the vlan on cisco

in packetfence.log it changes the vlan 4 (macdetetction) to vlan 2 
(registration), after the registration he goes to vlan 200 (vlan production), 
this far ok :)

problem:

he does not give, dhcp (vlan production)

checked

network.conf ok
pf.conf ok
ifcfg-eth0.200 ok

Thanks




Sent from Mail for Windows 10



From: Fabrice DURAND
Sent: 9 October 2015 14:00
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] pfsetvlan problem


Hello,

what are you trying to do ?
What switch are you using ?
Are you using inline ,out of band or web-auth ?

You are not clear in your questions, it just like "it doesn't work, help me !"

Start your configuration simple, and forget nessus for now and follow this 
guide : 
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.4.0.pdf

Regards
Fabrice

On 2015-10-08 21:47, ismael flavio silva wrote:
hello 
 
It was a bad configuration on switch
 
check in the community :)
 
i have two problems:
 
1ª
PF start vlan 4 macDetetction -> vlan 2 registrtion (registration ok) -> vlan 4 
again :(
 
its should go to vlan 1 (normal vlan), but vlan 1 it is vlan management this 
vlan not used DHCP... hum
 
I have to create a new vlan to have internet?
 
2ª
I can not isolate a xp wndows with nessus
 
thanks
 
Sent from Mail for Windows 10


From: ismael flavio silva
Sent: 9 October 2015 01:21
To: ismael flavio silva
Subject: RE: [PacketFence-users] pfsetvlan problem
 
 
Hello,
 
I already solve :)
 
I wanted to isolate a windows xp, but he can not isolate
 
I created a scan with Nessus, but does nothing ☹
 
thanks
 
Enviado do Correio para Windows 10
 
 

From: ismael flavio silva
Sent: 9 October 2015 01:17
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] pfsetvlan problem
 
 
Hello
 
I used VLAN enforcement

It presents this error (packetfence.log):
 
pfsetvlan(3) WARN: Can´t determine Uplinks for the switch (192.168.100.254) -> 
do nothing (pf::vlan::doWeActOnThisTrap)
pfsetvlan(3) INFO: doWeActiOnThisTrap returns false. Stop up handling 
(main::handleTrap)
pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
 
I researched and it appears to be snmptrapd.conf, but there are three different 
ones on the system!

Look:

/usr/local/pf/var/conf/snmtrapd.conf
/usr/local/pf/conf/snmtrapd.conf
/etc/snmp/snmtrapd.conf

How to solve the problem?
 
Thanks
 
 
 
 
 
 
 



--



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 




[PacketFence-users] pfsetvlan problem

2015-10-08 Thread ismael flavio silva
Hello

I used VLAN enforcement

It presents this error (packetfence.log):

pfsetvlan(3) WARN: Can´t determine Uplinks for the switch (192.168.100.254) -> 
do nothing (pf::vlan::doWeActOnThisTrap)
pfsetvlan(3) INFO: doWeActiOnThisTrap returns false. Stop up handling 
(main::handleTrap)
pfsetvlan(3) INFO: finished (main::cleanupAfterThread)

 
I researched and it appears to be snmptrapd.conf, but there are three different 
ones on the system!

Look:

/usr/local/pf/var/conf/snmtrapd.conf
/usr/local/pf/conf/snmtrapd.conf
/etc/snmp/snmtrapd.conf

How to solve the problem?

Thanks





Re: [PacketFence-users] pfsetvlan problem

2015-10-08 Thread ismael flavio silva
Hello

It was a bad configuration on the switch

check in the community :)

I have two problems:

1st
PF starts in VLAN 4 macDetection -> VLAN 2 registration (registration OK) -> VLAN 4 
again :(

It should go to VLAN 1 (normal VLAN), but VLAN 1 is the management VLAN; this 
VLAN does not use DHCP... hum

Do I have to create a new VLAN to have internet?

2nd
I cannot isolate a Windows XP with Nessus

Thanks




From: ismael flavio silva
Sent: 9 October 2015 01:21
To: ismael flavio silva
Subject: RE: [PacketFence-users] pfsetvlan problem


Hello,

I already solved it :)

I wanted to isolate a Windows XP, but it cannot isolate

I created a scan with Nessus, but it does nothing ☹

Thanks




From: ismael flavio silva
Sent: 9 October 2015 01:17
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] pfsetvlan problem


Hello

I used VLAN enforcement

It presents this error (packetfence.log):

pfsetvlan(3) WARN: Can´t determine Uplinks for the switch (192.168.100.254) -> 
do nothing (pf::vlan::doWeActOnThisTrap)
pfsetvlan(3) INFO: doWeActiOnThisTrap returns false. Stop up handling 
(main::handleTrap)
pfsetvlan(3) INFO: finished (main::cleanupAfterThread)

I researched and it appears to be snmptrapd.conf, but there are three different 
ones on the system!

Look:

/usr/local/pf/var/conf/snmtrapd.conf
/usr/local/pf/conf/snmtrapd.conf
/etc/snmp/snmtrapd.conf

How to solve the problem?

Thanks





Re: [PacketFence-users] Nessus scan.... remotescan.nessus?

2015-10-08 Thread ismael flavio silva
Hello,

How can I install this patch for Nessus 6?

 Software:

 - PacketFence version 5.3.1

 - Nessus 6 64-bit (latest version)

I found it: https://rt.cpan.org/Public/Bug/Display.html?id=78274 

How can I install this patch?

Thanks




From: Durand fabrice
Sent: 8 October 2015 02:07
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Nessus scan remotescan.nessus?


Hello,

First question: what is the version of your Nessus server?
If it's version 6 then you will have to apply a patch to your installation.

Regards
Fabrice

On 2015-10-07 11:43, ismael flavio silva wrote:
 
 
Hello 
 
I'm trying to put nessus to work with packetfence
 
packetfence (local)
nessus (local)
 
pf.conf
 
[scan]
 
engine = nessus
registration = enabled
duration = 60s
host = 127.0.0.1
user = root
pass = toor
nessus_port = 8834
 
I saw somewhere that it is necessary to put the remotescan.nessus file.
 
Do I have to put it?
 
 


[PacketFence-users] Nessus scan.... remotescan.nessus?

2015-10-07 Thread ismael flavio silva


Hello 

I'm trying to put nessus to work with packetfence

packetfence (local)
nessus (local)

pf.conf

[scan]

engine = nessus
registration = enabled
duration = 60s
host = 127.0.0.1
user = root
pass = toor
nessus_port = 8834

I saw somewhere that it is necessary to put the remotescan.nessus file.

Do I have to put it?




[PacketFence-users] 802.1X does not work (simple situation)

2015-10-05 Thread ismael flavio silva
Hello
 
How do I test the RADIUS server locally?
802.1X does not work :(

Equipment:
Cisco 2950
D-Link DWL-2100AP
 
HELP ME!!!
 
[root@PacketFence-ZEN-5-3 raddb]# radtest producao1 1234 127.0.0.1 0 testing123
Sending Access-Request of id 215 to 127.0.0.1 port 1812
    User-Name = "producao1"
    User-Password = "1234"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x
Sending Access-Request of id 215 to 127.0.0.1 port 1812
    User-Name = "producao1"
    User-Password = "1234"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x
Sending Access-Request of id 215 to 127.0.0.1 port 1812
    User-Name = "producao1"
    User-Password = "1234"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x
radclient: no response from server for ID 215 socket 3
 

