Re: [PacketFence-users] Help with IP Tables and Processor usage question

[Zammit, Ludovic via PacketFence-users]

Hello David,

Can you show the output of the top command and show it here?

Thanks

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us: <https://community.akamai.com/>  
<http://blogs.akamai.com/>  <https://twitter.com/akamai>  
<http://www.facebook.com/AkamaiTechnologies>  
<http://www.linkedin.com/company/akamai-technologies>  
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On Jan 29, 2024, at 5:49 PM, David Moore  wrote:
> 
> 13.0, before that I'm not sure, but it was 12.x
> 
> Get Outlook for Android 
> <https://urldefense.com/v3/__https://aka.ms/AAb9ysg__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKtBonPiU$>
> 
> From: Zammit, Ludovic 
> Sent: Monday, January 29, 2024 4:27:55 PM
> To: PacketFence-users 
> Cc: David Moore 
> Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage 
> question
> 
> Hello David,
> 
> What was the previous PF version before the upgrade?
> 
> Thanks,
> 
> Ludovic Zammit
> Product Support Engineer Principal Lead
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:   <https://community.akamai.com/>  
> <http://blogs.akamai.com/>  
> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXK0citiyA$>
>   
> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKmB9CJFY$>
>   
> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXK82QPJ78$>
>   
> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKcEpHcjA$>
> 
>> On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users 
>>  wrote:
>> 
>> I recently upgraded to PF 13.1 and have had a few issues, most of which I 
>> have been able to resolve. The only lingering issue I'm aware of is with IP 
>> Tables, but I'm not positive it's something to be concerned about because PF 
>> is working. 
>> 
>> My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of 
>> RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 
>> nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD 
>> devices) memory and disk space are fine but the CPU is constantly at 5Ghz of 
>> consumption (is that normal for the processor?)
>> 
>> Please see the details from packetfence.log and from systemctl status 
>> packetfence-iptables below:
>> 
>> packetfence.log:
>> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) 
>> INFO: [mac:[undef]] getting security_events triggers for accounting cleanup 
>> (pf::accounting::acct_maintenance)
>> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) 
>> INFO: [mac:[undef]] processed 0 security_events during security_event 
>> maintenance (1706193787.30847 1706193787.36479) 
>> (pf::security_event::security_event_maintenance)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing 
>> iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using 
>> IPSET (pf::ipset::iptables_generate)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing 
>> iptables (pf::ipset::iptables_flush_mangle)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward 
>> rules to allow connections to the OAuth2 Providers and passthrough. 
>> (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based 
>> passthrough for connectivitycheck.gstatic.com 
>> <https://urldefense.com/v3/__http://connectivitycheck.gstatic.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKYfy49kk$>
>>  (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT 
>> Masquerade statement. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring 
>> iptables from /usr/local/p

Re: [PacketFence-users] Help with IP Tables and Processor usage question

[Zammit, Ludovic via PacketFence-users]

Perfect, could do the same bit when you are in top hit the key “c” that will 
develop the processes behind the perl process.

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us: <https://community.akamai.com/>  
<http://blogs.akamai.com/>  <https://twitter.com/akamai>  
<http://www.facebook.com/AkamaiTechnologies>  
<http://www.linkedin.com/company/akamai-technologies>  
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On Feb 1, 2024, at 1:28 PM, David Moore  wrote:
> 
> 
> 
> The perl process comes and goes, it will show up at the top between 60-90+ 
> percent and then disappear
> 
> 
> From: Zammit, Ludovic
> Sent: Thursday, February 1, 2024 1:15 PM
> To: David Moore
> Cc: PacketFence-users
> Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage 
> question
> 
> Hello David,
> 
> Can you show the output of the top command and show it here?
> 
> Thanks
> 
> Ludovic Zammit
> Product Support Engineer Principal Lead
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:   <https://community.akamai.com/>  
> <http://blogs.akamai.com/>  
> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4olNaxh4$>
>   
> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4N72Q2c0$>
>   
> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4M8K_2u8$>
>   
> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4xCiMhuA$>
> 
> On Jan 29, 2024, at 5:49 PM, David Moore  wrote:
> 
> 13.0, before that I'm not sure, but it was 12.x
> 
> Get Outlook for Android 
> <https://urldefense.com/v3/__https://aka.ms/AAb9ysg__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKtBonPiU$>
> 
> From: Zammit, Ludovic 
> Sent: Monday, January 29, 2024 4:27:55 PM
> To: PacketFence-users 
> Cc: David Moore 
> Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage 
> question
> 
> Hello David,
> 
> What was the previous PF version before the upgrade?
> 
> Thanks,
> 
> Ludovic Zammit
> Product Support Engineer Principal Lead
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us:   <https://community.akamai.com/>  
> <http://blogs.akamai.com/>  
> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXK0citiyA$>
>   
> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKmB9CJFY$>
>   
> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXK82QPJ78$>
>   
> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKcEpHcjA$>
> 
> On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users 
>  wrote:
> 
> I recently upgraded to PF 13.1 and have had a few issues, most of which I 
> have been able to resolve. The only lingering issue I'm aware of is with IP 
> Tables, but I'm not positive it's something to be concerned about because PF 
> is working. 
> 
> My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of 
> RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 
> nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD 
> devices) memory and disk space are fine but the CPU is constantly at 5Ghz of 
> consumption (is that normal for the processor?)
> 
> Please see the details from packetfence.log and from systemctl status 
> packetfence-iptables below:
> 
> packetfence.log:
> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
> [mac:[undef]] getting security_events triggers for accounting cleanup 
> (pf::accounting::acct_maintenance)
> Jan 25 0

Re: [PacketFence-users] Help with IP Tables and Processor usage question

[Zammit, Ludovic via PacketFence-users]

Hello David,

What was the previous PF version before the upgrade?

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users 
>  wrote:
> 
> I recently upgraded to PF 13.1 and have had a few issues, most of which I 
> have been able to resolve. The only lingering issue I'm aware of is with IP 
> Tables, but I'm not positive it's something to be concerned about because PF 
> is working. 
> 
> My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of 
> RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 
> nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD 
> devices) memory and disk space are fine but the CPU is constantly at 5Ghz of 
> consumption (is that normal for the processor?)
> 
> Please see the details from packetfence.log and from systemctl status 
> packetfence-iptables below:
> 
> packetfence.log:
> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
> [mac:[undef]] getting security_events triggers for accounting cleanup 
> (pf::accounting::acct_maintenance)
> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) INFO: 
> [mac:[undef]] processed 0 security_events during security_event maintenance 
> (1706193787.30847 1706193787.36479) 
> (pf::security_event::security_event_maintenance)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing 
> iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using 
> IPSET (pf::ipset::iptables_generate)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing iptables 
> (pf::ipset::iptables_flush_mangle)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward 
> rules to allow connections to the OAuth2 Providers and passthrough. 
> (pf::iptables::generate_passthrough_rules)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based 
> passthrough for connectivitycheck.gstatic.com 
>  
> (pf::iptables::generate_passthrough_rules)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT 
> Masquerade statement. (pf::iptables::generate_passthrough_rules)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring 
> iptables from /usr/local/pf/var/conf/iptables.conf 
> (pf::iptables::iptables_restore)
> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: Problem trying to 
> run command: LANG=C /sbin/iptables-restore < 
> /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child 
> exited with non-zero value 2 (pf::util::pf_run)
> Jan 25 09:44:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(19) INFO: 
> [mac:[undef]] processed 0 security_events during security_event maintenance 
> (1706193846.10912 1706193846.12021) 
> (pf::security_event::security_event_maintenance)
> Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: 
> [mac:[undef]] Using 300 resolution threshold 
> (pf::pfcron::task::cluster_check::run)
> Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
> [mac:[undef]] getting security_events triggers for accounting cleanup 
> (pf::accounting::acct_maintenance)
> Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: 
> [mac:[undef]] All cluster members are running the same configuration version 
> (pf::pfcron::task::cluster_check::run)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: saving existing 
> iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: We are using 
> IPSET (pf::ipset::iptables_generate)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables 
> (pf::ipset::iptables_flush_mangle)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding Forward 
> rules to allow connections to the OAuth2 Providers and passthrough. 
> (pf::iptables::generate_passthrough_rules)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding IP based 
> passthrough for connectivitycheck.gstatic.com 
>  
> (pf::iptables::generate_passthrough_rules)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding NAT 
> Masquerade statement. (pf::iptables::generate_passthrough_rules)
> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: restoring 
> iptables from 

Re: [PacketFence-users] Help with IP Tables and Processor usage question

[David Moore via PacketFence-users]

13.0, before that I'm not sure, but it was 12.x

Get Outlook for Android<https://aka.ms/AAb9ysg>


From: Zammit, Ludovic 
Sent: Monday, January 29, 2024 4:27:55 PM
To: PacketFence-users 
Cc: David Moore 
Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage 
question

Hello David,

What was the previous PF version before the upgrade?

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead
[https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png]
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:
[https://www.akamai.com/us/en/multimedia/images/custom/community.jpg] 
<https://community.akamai.com>  
[https://www.akamai.com/us/en/multimedia/images/custom/rss.png] 
<http://blogs.akamai.com>  
[https://www.akamai.com/us/en/multimedia/images/custom/twitter.png] 
<https://twitter.com/akamai>  
[https://www.akamai.com/us/en/multimedia/images/custom/fb.png] 
<http://www.facebook.com/AkamaiTechnologies>  
[https://www.akamai.com/us/en/multimedia/images/custom/in.png] 
<http://www.linkedin.com/company/akamai-technologies>  
[https://www.akamai.com/us/en/multimedia/images/custom/youtube.png] 
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users 
 wrote:

I recently upgraded to PF 13.1 and have had a few issues, most of which I have 
been able to resolve. The only lingering issue I'm aware of is with IP Tables, 
but I'm not positive it's something to be concerned about because PF is working.

My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of 
RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 
nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD 
devices) memory and disk space are fine but the CPU is constantly at 5Ghz of 
consumption (is that normal for the processor?)

Please see the details from packetfence.log and from systemctl status 
packetfence-iptables below:

packetfence.log:
Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
[mac:[undef]] getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) INFO: 
[mac:[undef]] processed 0 security_events during security_event maintenance 
(1706193787.30847 1706193787.36479) 
(pf::security_event::security_event_maintenance)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing 
iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using IPSET 
(pf::ipset::iptables_generate)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing iptables 
(pf::ipset::iptables_flush_mangle)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward 
rules to allow connections to the OAuth2 Providers and passthrough. 
(pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based 
passthrough for 
connectivitycheck.gstatic.com<http://connectivitycheck.gstatic.com/> 
(pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT 
Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring iptables 
from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: Problem trying to 
run command: LANG=C /sbin/iptables-restore < 
/usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited 
with non-zero value 2 (pf::util::pf_run)
Jan 25 09:44:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(19) INFO: 
[mac:[undef]] processed 0 security_events during security_event maintenance 
(1706193846.10912 1706193846.12021) 
(pf::security_event::security_event_maintenance)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: 
[mac:[undef]] Using 300 resolution threshold 
(pf::pfcron::task::cluster_check::run)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
[mac:[undef]] getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: 
[mac:[undef]] All cluster members are running the same configuration version 
(pf::pfcron::task::cluster_check::run)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: saving existing 
iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: We are using IPSET 
(pf::ipset::iptables_generate)
Jan 25 09:44:16 fence packetfence[5622

[PacketFence-users] Help with IP Tables and Processor usage question

[David Moore via PacketFence-users]

I recently upgraded to PF 13.1 and have had a few issues, most of which I have 
been able to resolve. The only lingering issue I'm aware of is with IP Tables, 
but I'm not positive it's something to be concerned about because PF is working.

My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of 
RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 
nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD 
devices) memory and disk space are fine but the CPU is constantly at 5Ghz of 
consumption (is that normal for the processor?)

Please see the details from packetfence.log and from systemctl status 
packetfence-iptables below:

packetfence.log:
Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
[mac:[undef]] getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) INFO: 
[mac:[undef]] processed 0 security_events during security_event maintenance 
(1706193787.30847 1706193787.36479) 
(pf::security_event::security_event_maintenance)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing 
iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using IPSET 
(pf::ipset::iptables_generate)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing iptables 
(pf::ipset::iptables_flush_mangle)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward 
rules to allow connections to the OAuth2 Providers and passthrough. 
(pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based 
passthrough for connectivitycheck.gstatic.com 
(pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT 
Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring iptables 
from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: Problem trying to 
run command: LANG=C /sbin/iptables-restore < 
/usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited 
with non-zero value 2 (pf::util::pf_run)
Jan 25 09:44:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(19) INFO: 
[mac:[undef]] processed 0 security_events during security_event maintenance 
(1706193846.10912 1706193846.12021) 
(pf::security_event::security_event_maintenance)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: 
[mac:[undef]] Using 300 resolution threshold 
(pf::pfcron::task::cluster_check::run)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: 
[mac:[undef]] getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: 
[mac:[undef]] All cluster members are running the same configuration version 
(pf::pfcron::task::cluster_check::run)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: saving existing 
iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: We are using IPSET 
(pf::ipset::iptables_generate)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables 
(pf::ipset::iptables_flush_mangle)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding Forward 
rules to allow connections to the OAuth2 Providers and passthrough. 
(pf::iptables::generate_passthrough_rules)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding IP based 
passthrough for connectivitycheck.gstatic.com 
(pf::iptables::generate_passthrough_rules)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding NAT 
Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: restoring iptables 
from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: Problem trying to 
run command: LANG=C /sbin/iptables-restore < 
/usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited 
with non-zero value 2 (pf::util::pf_run)
Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: 
[mac:[undef]] processed 0 security_events during security_event maintenance 
(1706193906.17069 1706193906.18816) 
(pf::security_event::security_event_maintenance)
Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(12) INFO: 
[mac:[undef]] getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: 
[mac:[undef]] Using 300 

Re: [PacketFence-users] Help on AD and Realms conf on PF cluster

[Adrian Dessaigne via PacketFence-users]

Hello Fabrice, 

To solve our issue, we had to rename our servers and change in the pf.conf the 
hostname variable. Then we could use the %h in the AD configuration on each 
nodes. 
The join is marked successful and we see all 3 nodes in our AD. 

Have a good day ! 
Adrian. 


De: "ADE"  
À: "Fabrice Durand"  
Cc: "packetfence-users"  
Envoyé: Vendredi 23 Juin 2023 08:48:08 
Objet: Re: [PacketFence-users] Help on AD and Realms conf on PF cluster 

Hello Fabrice, 

Thanks for this quick answer. It's what I tough, each node need to be seen in 
the AD. So, I need to go in " Configuration → Policies And Access Control → 
Domains → Active Directory Domains" and ad an AD entry for each node ? 
For exemple : 
-AD_node1 
-AD_node2 
-AD_node3 ? 

If I add juste one entry on the node 1 with the hostname "PF_node1", then go on 
the node 2, the entry is already configured as the hostname "PF_node1". 
I didn't mentioned, we can't use %h since our hostnames are too long. Maybe 
that's the issue here ? I have to manually set the hostname. 

Thanks for your help, 
Adrian. 


De: "Fabrice Durand"  
À: "packetfence-users"  
Cc: "ADE"  
Envoyé: Jeudi 22 Juin 2023 20:39:32 
Objet: Re: [PacketFence-users] Help on AD and Realms conf on PF cluster 

Hello Adrian, 
in fact when the doc say to join then it a samba join. 
So each servers needs to be joined to the domain (you should see a machine 
account for each of them in the AD). 

Regards 
Fabrice 


Le jeu. 22 juin 2023 à 11:54, Adrian Dessaigne via PacketFence-users < [ 
mailto:packetfence-users@lists.sourceforge.net | 
packetfence-users@lists.sourceforge.net ] > a écrit : 



Hello team ! 

I have recentrly set up a new instance of PacketFence wich have 3 servers and 
clusturised using the "Clustering Guide". 
It work good and no issues on synching. However I'm confused on how you're 
supposed to configure the AD and the Realms on a cluster setup. 

In the install documentation, it's mentionned : "If you are using an 
Active/Active cluster, each member of the cluster must be joined separately. 
Please follow the instructions in the PacketFence Clustering Guide." 
But on the clustering guide : "Next, make sure to join domains through 
Configuration → Policies And Access Control → Domains → Active Directory 
Domains on each node" 

At first I tough the AD Domains configs weren't synchronised but they are. So 
am I supposed to add a domain for each servers ? (if I only add one, synch, and 
I then join one by one, the previous servers loose the link and the join don't 
work anymore). 

If I have to add 3 domains configuration, one for each server, how do I 
configure the realms since I can only bind one domain ? 

I tested a few configuration but none are suitable. 

What is the best practice and what's the good way to configure the AD + Realms 
on a cluster ? 

Thanks a lot for your answers. 
Greats, 
Adrian. 
Enregistrer Enregistrer 
___ 
PacketFence-users mailing list 
[ mailto:PacketFence-users@lists.sourceforge.net | 
PacketFence-users@lists.sourceforge.net ] 
[ https://lists.sourceforge.net/lists/listinfo/packetfence-users | 
https://lists.sourceforge.net/lists/listinfo/packetfence-users ] 




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on AD and Realms conf on PF cluster

[Adrian Dessaigne via PacketFence-users]

Hello Fabrice, 

Thanks for this quick answer. It's what I tough, each node need to be seen in 
the AD. So, I need to go in " Configuration → Policies And Access Control → 
Domains → Active Directory Domains" and ad an AD entry for each node ? 
For exemple : 
-AD_node1 
-AD_node2 
-AD_node3 ? 

If I add juste one entry on the node 1 with the hostname "PF_node1", then go on 
the node 2, the entry is already configured as the hostname "PF_node1". 
I didn't mentioned, we can't use %h since our hostnames are too long. Maybe 
that's the issue here ? I have to manually set the hostname. 

Thanks for your help, 
Adrian. 


De: "Fabrice Durand"  
À: "packetfence-users"  
Cc: "ADE"  
Envoyé: Jeudi 22 Juin 2023 20:39:32 
Objet: Re: [PacketFence-users] Help on AD and Realms conf on PF cluster 

Hello Adrian, 
in fact when the doc say to join then it a samba join. 
So each servers needs to be joined to the domain (you should see a machine 
account for each of them in the AD). 

Regards 
Fabrice 


Le jeu. 22 juin 2023 à 11:54, Adrian Dessaigne via PacketFence-users < [ 
mailto:packetfence-users@lists.sourceforge.net | 
packetfence-users@lists.sourceforge.net ] > a écrit : 



Hello team ! 

I have recentrly set up a new instance of PacketFence wich have 3 servers and 
clusturised using the "Clustering Guide". 
It work good and no issues on synching. However I'm confused on how you're 
supposed to configure the AD and the Realms on a cluster setup. 

In the install documentation, it's mentionned : "If you are using an 
Active/Active cluster, each member of the cluster must be joined separately. 
Please follow the instructions in the PacketFence Clustering Guide." 
But on the clustering guide : "Next, make sure to join domains through 
Configuration → Policies And Access Control → Domains → Active Directory 
Domains on each node" 

At first I tough the AD Domains configs weren't synchronised but they are. So 
am I supposed to add a domain for each servers ? (if I only add one, synch, and 
I then join one by one, the previous servers loose the link and the join don't 
work anymore). 

If I have to add 3 domains configuration, one for each server, how do I 
configure the realms since I can only bind one domain ? 

I tested a few configuration but none are suitable. 

What is the best practice and what's the good way to configure the AD + Realms 
on a cluster ? 

Thanks a lot for your answers. 
Greats, 
Adrian. 
Enregistrer Enregistrer 
___ 
PacketFence-users mailing list 
[ mailto:PacketFence-users@lists.sourceforge.net | 
PacketFence-users@lists.sourceforge.net ] 
[ https://lists.sourceforge.net/lists/listinfo/packetfence-users | 
https://lists.sourceforge.net/lists/listinfo/packetfence-users ] 




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on AD and Realms conf on PF cluster

[Fabrice Durand via PacketFence-users]

Hello Adrian,

in fact when the doc say to join then it a samba join.
So each servers needs to be joined to the domain (you should see a machine
account for each of them in the AD).

Regards
Fabrice


Le jeu. 22 juin 2023 à 11:54, Adrian Dessaigne via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hello team !
>
> I have recentrly set up a new instance of PacketFence wich have 3 servers
> and clusturised using the "Clustering Guide".
> It work good and no issues on synching. However I'm confused on how you're
> supposed to configure the AD and the Realms on a cluster setup.
>
> In the install documentation, it's mentionned : "If you are using an
> Active/Active cluster, each member of the cluster must be joined
> separately. Please follow the instructions in the PacketFence Clustering
> Guide."
> But on the clustering guide : "Next, make sure to join domains through
> Configuration → Policies And Access Control → Domains → Active Directory
> Domains on each node"
>
> At first I tough the AD Domains configs weren't synchronised but they are.
> So am I supposed to add a domain for each servers ? (if I only add one,
> synch, and I then join one by one, the previous servers loose the link and
> the join don't work anymore).
>
> If I have to add 3 domains configuration, one for each server, how do I
> configure the realms since I can only bind one domain ?
>
> I tested a few configuration but none are suitable.
>
> What is the best practice and what's the good way to configure the AD +
> Realms on a cluster ?
>
> Thanks a lot for your answers.
> Greats,
> Adrian.
> EnregistrerEnregistrer
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help on AD and Realms conf on PF cluster

[Adrian Dessaigne via PacketFence-users]

Hello team ! 

I have recentrly set up a new instance of PacketFence wich have 3 servers and 
clusturised using the "Clustering Guide". 
It work good and no issues on synching. However I'm confused on how you're 
supposed to configure the AD and the Realms on a cluster setup. 

In the install documentation, it's mentionned : "If you are using an 
Active/Active cluster, each member of the cluster must be joined separately. 
Please follow the instructions in the PacketFence Clustering Guide." 
But on the clustering guide : "Next, make sure to join domains through 
Configuration → Policies And Access Control → Domains → Active Directory 
Domains on each node" 

At first I tough the AD Domains configs weren't synchronised but they are. So 
am I supposed to add a domain for each servers ? (if I only add one, synch, and 
I then join one by one, the previous servers loose the link and the join don't 
work anymore). 

If I have to add 3 domains configuration, one for each server, how do I 
configure the realms since I can only bind one domain ? 

I tested a few configuration but none are suitable. 

What is the best practice and what's the good way to configure the AD + Realms 
on a cluster ? 

Thanks a lot for your answers. 
Greats, 
Adrian. 
Enregistrer Enregistrer 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help with HP CLI Radius Config

[Cian Phillips via PacketFence-users]

I'm trying to set up Packetfence to provide radius authentication to our HP
switches. The one I'm testing on has a 5406 chassis. I've got packetfence
talking to our openLDAP directory, and authenticating admin access to
packetfence based on a MemberOf group.

I've added the switch by IP in PF, enabled CLI/VPN, configured the radius
secret, and configured the switch to use radius for telnet access (we don't
usually use telnet, but this way I can test radius without breaking ssh
access). I'm tailing the radius.log file and can see the switch attempt to
authenticate, verify the user and credentials successfully, with no errors
on the packetfence radius side, but the switch fails to authenticate with
the following message:

"Access denied: no user's authorization info supplied by the RADIUS server"

I have tried it with "aaa authentication login privilege-mode" enabled and
disabled and the result is the same.

I'm not sure what I'm doing wrong, any suggestions?

On the switch, show authentication looks like this:

show authentication
 Status and Counters - Authentication Information
  Login Attempts : 3
  Lockout Delay : 0
  Respect Privilege : Disabled
  | Login  LoginLogin
 Access Task | PrimaryServer Group Secondary
  --- + --  --
  Console | Tacacs  Local
  Telnet  | Radius radius   None
  Port-Access | Local   None
  Webui   | Radius radius   Local
  SSH | Tacacs  Local
  Web-Auth| ChapRadius radius   None
  MAC-Auth| ChapRadius radius   None
  SNMP| Local   None


  | Enable Enable   Enable
 Access Task | PrimaryServer Group Secondary
  --- + --  --
  Console | Tacacs  Local
  Telnet  | Radius radius   None
  Webui   | Radius radius   Local
  SSH | Tacacs  Local



CIAN PHILLIPS Senior Security & Infrastructure Engineer

c...@cca.edu | o 510.594.3745 | m 510.316.2586

 Eighth St. | San Francisco, CA | 94107
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help

[Jefferson Inyanje via PacketFence-users]

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] HELP - Not getting packetfence installed

[JC du Preez via PacketFence-users]

Hi There,

I have installed and spinned up VirtualBox, then installed Red Hat 7.9. Then I 
did the yum update step, and then installed the two subscription manager items. 
Now when its time to intall using the yum 
localinstall.../././...packetfence-release-7.stable.noarch.rpm Then the system 
say: Skipping - nothing to do...?

Help please, I just want to spin this packetfence up

Kind regards,

JC du Preez | Manager: Projects and Technical Design
Mobile: +27 76 582 2149
Address: No.1 Ann Crescent, Simba, Sandton, Johannesburg

[cid:image001.png@01D71C4E.68DCB300]

DISCLAIMER:
The information contained in this e-mail is confidential and is intended solely 
for the addressee. If you are not the intended recipient, any accessing, 
disclosure, copying, distribution, action taken or other use thereof may be 
unlawful and give rise to a claim against you. If you received this e-mail in 
error, kindly contact the sender and delete the material from your computer. At 
present, the integrity of e-mail across the Internet cannot be guaranteed and 
the sender, or the employer of the sender, for any interception, error, virus 
or other interference, will accept no liability. Views and opinions are those 
of the sender unless clearly stated to be those of the employer.

Note that all calls made to this number are recorded.

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on setting switch-port filter in connection profile

[jrouzier via PacketFence-users]

Arun,

This was fixed

You can get this fix and all the other latest fixes by running pf-maint.pl


cd /usr/local/pf

# Get the latest fixed
./addons/pf-maint.pl

# Restart PacketFence
./bin/pfcmd service pf restart

On 1/24/21 11:14 PM, Arun Kangle wrote:

Thanks for your attention. I am using latest version 10.2.0.
- Arun

On Sun, Jan 24, 2021 at 9:55 PM jrouzier via PacketFence-users 
> wrote:


There was a bug where the frontend did not validate this properly.

Which version of packetfence are you using?

On 1/22/21 9:35 AM, Arun Kangle via PacketFence-users wrote:

Hello All,
Could someone please help on this?

Thanks in advance,
- Arun

On Thu, Jan 21, 2021 at 10:26 PM Arun Kangle mailto:akan...@gmail.com>> wrote:

Hello All,
Could someone please let me know the format for the
switch-port filter in the connection profile?

According to the installation guide it's
-, when I tried using the IP address as
switchportid it's not accepted. for example 10.0.2.1-10006

Thanks in advance,
- Arun



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net  

https://lists.sourceforge.net/lists/listinfo/packetfence-users  


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on setting switch-port filter in connection profile

[Ludovic Zammit via PacketFence-users]

Hello,

Have you applied the maintenance branch that contain all last bug fixes?

/usr/local/pf/addons/pf-maint.pl

then once all is applied:

/usr/local/pf/bin/pfcmd service pf restart

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Jan 24, 2021, at 11:14 PM, Arun Kangle via PacketFence-users 
>  wrote:
> 
> Thanks for your attention. I am using latest version 10.2.0.
> - Arun
> 
> On Sun, Jan 24, 2021 at 9:55 PM jrouzier via PacketFence-users 
>  > wrote:
> There was a bug where the frontend did not validate this properly.
> 
> Which version of packetfence are you using?
> 
> 
> On 1/22/21 9:35 AM, Arun Kangle via PacketFence-users wrote:
>> Hello All,
>> Could someone please help on this?
>> 
>> Thanks in advance,
>> - Arun
>> 
>> On Thu, Jan 21, 2021 at 10:26 PM Arun Kangle > > wrote:
>> Hello All,
>> Could someone please let me know the format for the switch-port filter in 
>> the connection profile?
>> 
>> According to the installation guide it's -, when I tried 
>> using the IP address as switchportid it's not accepted. for example 
>> 10.0.2.1-10006
>> 
>> Thanks in advance,
>> - Arun
>> 
>> 
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on setting switch-port filter in connection profile

[jrouzier via PacketFence-users]

There was a bug where the frontend did not validate this properly.

Which version of packetfence are you using?

On 1/22/21 9:35 AM, Arun Kangle via PacketFence-users wrote:

Hello All,
Could someone please help on this?

Thanks in advance,
- Arun

On Thu, Jan 21, 2021 at 10:26 PM Arun Kangle > wrote:


Hello All,
Could someone please let me know the format for the switch-port
filter in the connection profile?

According to the installation guide it's -,
when I tried using the IP address as switchportid it's not
accepted. for example 10.0.2.1-10006

Thanks in advance,
- Arun



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on setting switch-port filter in connection profile

[Arun Kangle via PacketFence-users]

Hello All,
Could someone please help on this?

Thanks in advance,
- Arun

On Thu, Jan 21, 2021 at 10:26 PM Arun Kangle  wrote:

> Hello All,
> Could someone please let me know the format for the switch-port filter in
> the connection profile?
>
> According to the installation guide it's -, when I
> tried using the IP address as switchportid it's not accepted. for example
> 10.0.2.1-10006
>
> Thanks in advance,
> - Arun
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help on setting switch-port filter in connection profile

[Arun Kangle via PacketFence-users]

Hello All,
Could someone please let me know the format for the switch-port filter in
the connection profile?

According to the installation guide it's -, when I
tried using the IP address as switchportid and port Ifindex, for example
10.0.2.1-10006, it's not accepting.

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help Request - Can't get self-service portal on new Connection Profile

[Oley, Ronald via PacketFence-users]

You’re correct, the issue was it was hitting the default profile first.  
Resolved.  Thanks.

From: Ludovic Zammit 
Sent: Thursday, October 1, 2020 8:53 AM
To: packetfence-users@lists.sourceforge.net
Cc: Oley, Ronald 
Subject: Re: [PacketFence-users] Help Request - Can't get self-service portal 
on new Connection Profile

Hello,

It looks like your are not matching the filter on that connection profile.

What’s your filter? How you connect to it?

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca%2F=02%7C01%7Cronaldoley%40kings.edu%7Ca4330f30b8c74007fa2d08d866090055%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637371536141973943=predoiReHFeoEhc8h7kttnKWweyE%2BacSRoQ8P64iBwI%3D=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F=02%7C01%7Cronaldoley%40kings.edu%7Ca4330f30b8c74007fa2d08d866090055%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637371536141973943=KXWW3xcvILeT7lSfZJAXuJmhmoVslw2ab9QgDuN2F3E%3D=0>)
 and PacketFence 
(http://packetfence.org<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F=02%7C01%7Cronaldoley%40kings.edu%7Ca4330f30b8c74007fa2d08d866090055%7C93faac0947da4186be23130043bb3418%7C0%7C1%7C637371536141983934=R0ZUus2hLWKUhbHVXSOb3A9ODuWhhT9BW3YyIQnnnvc%3D=0>)





On Sep 30, 2020, at 1:16 PM, Oley, Ronald via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Probably something very simple.  I've created a new Connection Profile and 
Self-Service Policy.  When I assign the Policy to that Profile and try to visit 
the self-service URL, I get the message "Device registration module is not 
enabled".  If I switch my same SS Policy to be active under the Default 
Connection profile instead, it suddenly works fine.  The portal daemon is 
enabled on the network interface.

Packetfence Version 10.1.0, deployed via the ZEN with a single network 
interface.

What am I missing, here?

Thanks!




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help Request - Can't get self-service portal on new Connection Profile

[Ludovic Zammit via PacketFence-users]

Hello,

It looks like your are not matching the filter on that connection profile.

What’s your filter? How you connect to it?

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Sep 30, 2020, at 1:16 PM, Oley, Ronald via PacketFence-users 
>  wrote:
> 
> Probably something very simple.  I've created a new Connection Profile and 
> Self-Service Policy.  When I assign the Policy to that Profile and try to 
> visit the self-service URL, I get the message "Device registration module is 
> not enabled".  If I switch my same SS Policy to be active under the Default 
> Connection profile instead, it suddenly works fine.  The portal daemon is 
> enabled on the network interface.
> 
> Packetfence Version 10.1.0, deployed via the ZEN with a single network 
> interface.
> 
> What am I missing, here?
> 
> Thanks!
> 
> 
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help Request - Can't get self-service portal on new Connection Profile

[Oley, Ronald via PacketFence-users]

Probably something very simple.  I've created a new Connection Profile and 
Self-Service Policy.  When I assign the Policy to that Profile and try to visit 
the self-service URL, I get the message "Device registration module is not 
enabled".  If I switch my same SS Policy to be active under the Default 
Connection profile instead, it suddenly works fine.  The portal daemon is 
enabled on the network interface.

Packetfence Version 10.1.0, deployed via the ZEN with a single network 
interface.

What am I missing, here?

Thanks!




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help on 802.1x + Registration Portal Scenario

[Emanuele Gabrielli via PacketFence-users]

Hi all, I need to configure PF to manage a standard (I guess) scenario
where:

  1) It is defined as Out-of-Band Enforcement (a.k.a. VLAN Enforcement) as
defined in
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_vlan_assignment_techniques
  2) I use an external Freeradius authentication service
  3) I need to configure switches so that:
  a) Users with a regular account may use 802.1x to access the network
and allow the device to have a working IP
  b) Users without a regular account should be able to register and
acquire a new account (by email, SMS or whatever...)
  c) Once the user acquired the new account, it should be able to
perform 802.1x authentication with it


I configured the switch to manage its ports with 802.1x + RADIUS.
If the user successfully authenticates, then it is assigned (by means of
CoA) the corresponding VLAN.
At this point I need to figure out which could be the easier way to manage
users who don't have an account.
In my opinion there are several options:

 A)  define some switch specific ports where the connected device will be
assinged the registration VLAN and then redirected to the Captive Portal
where it could ask for a new account. Then it can use the obtained account
to perform (on another switch port) 802.1x authentication.
In that case, we reserve specific switch ports to do only registration.

 B)  the guest user connects to a switch port performing 802.1x
authentication and it supplies predefined guest credentials (i.e.
username=guest, password=guest). This is real account which is used to
redirect the user to the registration page. This requires to define a Rule
which maps the guest user to the Registration VLAN.


What about the proposed scenarios? Do you see opportunities to define
better solutions?

Thanks
Emanuele

---
Emanuele Gabrielli

Dipartimento di Informatica - Università di Roma "Sapienza"
Via Salaria, 113
00198 - Roma

tel.  +390649918313
email:gabrie...@di.uniroma1.it
personal page: https://sites.google.com/a/di.uniroma1.it/emanuele_gabrielli/
SkypeID: egabriell
-
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] help

[mau rice via PacketFence-users]

Hi,

i want to use packet fence as a very simple captive Portal with local database 
only.
I am having Problems configuring it. I do have the „normal“ and „admin“ guide 
stuied
But still find it hard to understand to Connection profiles and 
authentification Sources.

Is there a guide more detailed or some other help?

I m still a Trainee 

Thank you all in Advance.

Maurice

Gesendet von Mail für Windows 10

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! High Memory Utilization

[Helen Power via PacketFence-users]

Thank you Nicolas.

Helen

> On Aug 29, 2019, at 6:35 AM, Nicolas Quiniou-Briand via PacketFence-users 
>  wrote:
>
> Hello Helen,
>
>> On 2019-08-28 4:11 p.m., Helen Power via PacketFence-users wrote:
>> Is there anyway we can disable old admins or it’s per design? We can see 
>> Perl is using most of the memory.
>
> No, we will remove old web admin in the future (not scheduled for now).
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Finverse.cadata=02%7C01%7Chelen_power%40resourcepro.com%7Ce170718270f8457cee5b08d72c74ffd3%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637026753336485620sdata=QR5GtJla2GL5PqaTFm3bYCr2lL9w2VzCc6kKpmaneW0%3Dreserved=0
> Inverse inc. :: Leaders behind SOGo 
> (https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsogo.nudata=02%7C01%7Chelen_power%40resourcepro.com%7Ce170718270f8457cee5b08d72c74ffd3%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637026753336495623sdata=YnpPisZAtYzXKjWGIHUl0IN9G6ZSVjFEhJL7OTU1z7s%3Dreserved=0),
>  PacketFence 
> (https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpacketfence.orgdata=02%7C01%7Chelen_power%40resourcepro.com%7Ce170718270f8457cee5b08d72c74ffd3%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637026753336495623sdata=UW0mvm2o95eeaQWccX5sRUUw5sUXML2wC9oJP%2Fd2R7o%3Dreserved=0)
>  and Fingerbank 
> (https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffingerbank.orgdata=02%7C01%7Chelen_power%40resourcepro.com%7Ce170718270f8457cee5b08d72c74ffd3%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637026753336495623sdata=uetGavduXqDAZ7avVf2nt2u0dzy8ogz%2BAPE5j63sfho%3Dreserved=0)
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-usersdata=02%7C01%7Chelen_power%40resourcepro.com%7Ce170718270f8457cee5b08d72c74ffd3%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637026753336495623sdata=G5j7HwQyBUksyNKLSO%2FC0HPJR3QSld4xUTRtO7qc2NM%3Dreserved=0
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! High Memory Utilization

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Helen,

On 2019-08-28 4:11 p.m., Helen Power via PacketFence-users wrote:
Is there anyway we can disable old admins or it’s per design? We can see 
Perl is using most of the memory.


No, we will remove old web admin in the future (not scheduled for now).
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! High Memory Utilization

[Helen Power via PacketFence-users]

Hi Ludovic,

Thank you for your reply.

Is there anyway we can disable old admins or it’s per design? We can see Perl 
is using most of the memory.

Helen

On Aug 28, 2019, at 7:05 AM, Ludovic Zammit 
mailto:lzam...@inverse.ca>> wrote:

Hello,

Since PacketFence v9 has both old and new admins, the required memory in 
production would start at 12Go of RAM.

Thanks,



On Aug 26, 2019, at 10:48 AM, Helen Power via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hi All,

We’ve been using PacketFence v9 web authentication mode for a while now. The 
packetfence server resides on Azure VM with 8GB RAM. We will receive high 
memory utilization (90%) warning from time to time. Right now without much 
traffic on, the system is already used up 6GB memory. We used a memory summary 
script
 and get the result below. When we have more user connect to Wi-Fi and 
authenticate themselves via packtfence, we can see the httpd and perl RAM value 
increase a lot. Is there a way to tune the memory utilization or we have to add 
more memory to the server?

=

[root@us-packetfence2 ~]# ./ps_mem.py
Private  +   Shared  =  RAM used   Program

100.0 KiB +  12.0 KiB = 112.0 KiB   hypervvssd
160.0 KiB +  19.5 KiB = 179.5 KiB   lsmd
196.0 KiB +  17.5 KiB = 213.5 KiB   hypervkvpd
228.0 KiB +  40.0 KiB = 268.0 KiB   atd
260.0 KiB +  36.0 KiB = 296.0 KiB   agetty (2)
252.0 KiB +  58.0 KiB = 310.0 KiB   irqbalance
304.0 KiB +  29.0 KiB = 333.0 KiB   audispd
320.0 KiB +  53.0 KiB = 373.0 KiB   lvmetad
392.0 KiB +  46.0 KiB = 438.0 KiB   cat (4)
352.0 KiB + 162.5 KiB = 514.5 KiB   mysqld_safe
516.0 KiB +  62.5 KiB = 578.5 KiB   auditd
556.0 KiB +  74.0 KiB = 630.0 KiB   rpcbind
588.0 KiB +  54.0 KiB = 642.0 KiB   smartd
608.0 KiB +  74.5 KiB = 682.5 KiB   chronyd
672.0 KiB +  35.0 KiB = 707.0 KiB   crond
740.0 KiB +  42.5 KiB = 782.5 KiB   systemd-logind
732.0 KiB +  51.0 KiB = 783.0 KiB   omiserver
836.0 KiB +  59.5 KiB = 895.5 KiB   systemd-udevd
872.0 KiB +  69.0 KiB = 941.0 KiB   omiengine
868.0 KiB + 121.0 KiB = 989.0 KiB   rngd
916.0 KiB + 179.5 KiB =   1.1 MiB   dbus-daemon
  1.2 MiB +  92.5 KiB =   1.3 MiB   master
  1.2 MiB + 140.5 KiB =   1.4 MiB   pickup
  1.3 MiB + 140.5 KiB =   1.4 MiB   showq
  1.3 MiB + 144.5 KiB =   1.5 MiB   qmgr
  1.4 MiB + 170.0 KiB =   1.6 MiB   logger (14)
  1.6 MiB +  16.0 KiB =   1.7 MiB   fping
  2.3 MiB +  22.5 KiB =   2.3 MiB   apps.plugin
  2.0 MiB + 452.0 KiB =   2.5 MiB   NetworkManager
  2.2 MiB + 766.5 KiB =   2.9 MiB   sudo
  2.9 MiB +  83.5 KiB =   3.0 MiB   systemd
  3.3 MiB +  24.0 KiB =   3.3 MiB   pfdns
  3.3 MiB + 777.5 KiB =   4.1 MiB   bash (3)
  3.7 MiB + 438.0 KiB =   4.1 MiB   abrt-dbus
  2.2 MiB +   2.1 MiB =   4.4 MiB   sshd (3)
  4.3 MiB + 124.0 KiB =   4.4 MiB   omiagent
  6.5 MiB + 365.5 KiB =   6.8 MiB   polkitd
  2.8 MiB +   5.8 MiB =   8.6 MiB   haproxy (2)
10.5 MiB + 389.0 KiB =  10.9 MiB   redis-server (2)
11.0 MiB + 705.5 KiB =  11.7 MiB   tuned
13.4 MiB +  24.0 KiB =  13.4 MiB   auomscollect
13.4 MiB +  42.0 KiB =  13.5 MiB   auoms
  6.5 MiB +   8.2 MiB =  14.7 MiB   rsyslogd
  5.2 MiB +  11.8 MiB =  17.0 MiB   pfmon
  3.0 MiB +  14.3 MiB =  17.3 MiB   pfqueue
18.5 MiB + 463.0 KiB =  19.0 MiB   NetworkWatcherAgent (2)
  6.9 MiB +  12.7 MiB =  19.6 MiB   systemd-journald
29.9 MiB +  32.0 KiB =  29.9 MiB   pfstats
  1.2 MiB +  30.1 MiB =  31.3 MiB   pffilter
29.2 MiB +   3.4 MiB =  32.6 MiB   pfhttpd (4)
34.9 MiB + 165.5 KiB =  35.1 MiB   pf-mariadb
17.5 MiB +  24.7 MiB =  42.2 MiB   pfperl-api
38.6 MiB +  19.0 MiB =  57.5 MiB   radsniff
63.6 MiB +   1.2 MiB =  64.8 MiB   netdata
64.0 MiB +   1.9 MiB =  65.9 MiB   python2.7 (4)
84.3 MiB +   1.5 MiB =  85.8 MiB   radiusd (2)
118.3 MiB + 331.5 KiB = 118.6 MiB   pfconfig
135.8 MiB + 250.0 KiB = 136.0 MiB   omsagent
102.9 MiB + 160.7 MiB = 263.6 MiB   /usr/sbin/httpd (4)
303.3 MiB + 266.0 KiB = 303.5 MiB   mysqld
891.1 MiB + 851.1 MiB =   1.7 GiB   httpd (31)
  2.3 GiB + 573.2 MiB =   2.9 GiB   perl (40)
-
  6.0 GiB

Thank you so much for your help,
Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, 

Re: [PacketFence-users] Help! High Memory Utilization

[Ludovic Zammit via PacketFence-users]

Hello,

Since PacketFence v9 has both old and new admins, the required memory in 
production would start at 12Go of RAM.

Thanks,



> On Aug 26, 2019, at 10:48 AM, Helen Power via PacketFence-users 
>  wrote:
> 
> Hi All,
>  
> We’ve been using PacketFence v9 web authentication mode for a while now. The 
> packetfence server resides on Azure VM with 8GB RAM. We will receive high 
> memory utilization (90%) warning from time to time. Right now without much 
> traffic on, the system is already used up 6GB memory. We used a memory 
> summary script 
>  and get 
> the result below. When we have more user connect to Wi-Fi and authenticate 
> themselves via packtfence, we can see the httpd and perl RAM value increase a 
> lot. Is there a way to tune the memory utilization or we have to add more 
> memory to the server?
>  
> =
>  
> [root@us-packetfence2 ~]# ./ps_mem.py
> Private  +   Shared  =  RAM used   Program
>  
> 100.0 KiB +  12.0 KiB = 112.0 KiB   hypervvssd
> 160.0 KiB +  19.5 KiB = 179.5 KiB   lsmd
> 196.0 KiB +  17.5 KiB = 213.5 KiB   hypervkvpd
> 228.0 KiB +  40.0 KiB = 268.0 KiB   atd
> 260.0 KiB +  36.0 KiB = 296.0 KiB   agetty (2)
> 252.0 KiB +  58.0 KiB = 310.0 KiB   irqbalance
> 304.0 KiB +  29.0 KiB = 333.0 KiB   audispd
> 320.0 KiB +  53.0 KiB = 373.0 KiB   lvmetad
> 392.0 KiB +  46.0 KiB = 438.0 KiB   cat (4)
> 352.0 KiB + 162.5 KiB = 514.5 KiB   mysqld_safe
> 516.0 KiB +  62.5 KiB = 578.5 KiB   auditd
> 556.0 KiB +  74.0 KiB = 630.0 KiB   rpcbind
> 588.0 KiB +  54.0 KiB = 642.0 KiB   smartd
> 608.0 KiB +  74.5 KiB = 682.5 KiB   chronyd
> 672.0 KiB +  35.0 KiB = 707.0 KiB   crond
> 740.0 KiB +  42.5 KiB = 782.5 KiB   systemd-logind
> 732.0 KiB +  51.0 KiB = 783.0 KiB   omiserver
> 836.0 KiB +  59.5 KiB = 895.5 KiB   systemd-udevd
> 872.0 KiB +  69.0 KiB = 941.0 KiB   omiengine
> 868.0 KiB + 121.0 KiB = 989.0 KiB   rngd
> 916.0 KiB + 179.5 KiB =   1.1 MiB   dbus-daemon
>   1.2 MiB +  92.5 KiB =   1.3 MiB   master
>   1.2 MiB + 140.5 KiB =   1.4 MiB   pickup
>   1.3 MiB + 140.5 KiB =   1.4 MiB   showq
>   1.3 MiB + 144.5 KiB =   1.5 MiB   qmgr
>   1.4 MiB + 170.0 KiB =   1.6 MiB   logger (14)
>   1.6 MiB +  16.0 KiB =   1.7 MiB   fping
>   2.3 MiB +  22.5 KiB =   2.3 MiB   apps.plugin
>   2.0 MiB + 452.0 KiB =   2.5 MiB   NetworkManager
>   2.2 MiB + 766.5 KiB =   2.9 MiB   sudo
>   2.9 MiB +  83.5 KiB =   3.0 MiB   systemd
>   3.3 MiB +  24.0 KiB =   3.3 MiB   pfdns
>   3.3 MiB + 777.5 KiB =   4.1 MiB   bash (3)
>   3.7 MiB + 438.0 KiB =   4.1 MiB   abrt-dbus
>   2.2 MiB +   2.1 MiB =   4.4 MiB   sshd (3)
>   4.3 MiB + 124.0 KiB =   4.4 MiB   omiagent
>   6.5 MiB + 365.5 KiB =   6.8 MiB   polkitd
>   2.8 MiB +   5.8 MiB =   8.6 MiB   haproxy (2)
> 10.5 MiB + 389.0 KiB =  10.9 MiB   redis-server (2)
> 11.0 MiB + 705.5 KiB =  11.7 MiB   tuned
> 13.4 MiB +  24.0 KiB =  13.4 MiB   auomscollect
> 13.4 MiB +  42.0 KiB =  13.5 MiB   auoms
>   6.5 MiB +   8.2 MiB =  14.7 MiB   rsyslogd
>   5.2 MiB +  11.8 MiB =  17.0 MiB   pfmon
>   3.0 MiB +  14.3 MiB =  17.3 MiB   pfqueue
> 18.5 MiB + 463.0 KiB =  19.0 MiB   NetworkWatcherAgent (2)
>   6.9 MiB +  12.7 MiB =  19.6 MiB   systemd-journald
> 29.9 MiB +  32.0 KiB =  29.9 MiB   pfstats
>   1.2 MiB +  30.1 MiB =  31.3 MiB   pffilter
> 29.2 MiB +   3.4 MiB =  32.6 MiB   pfhttpd (4)
> 34.9 MiB + 165.5 KiB =  35.1 MiB   pf-mariadb
> 17.5 MiB +  24.7 MiB =  42.2 MiB   pfperl-api
> 38.6 MiB +  19.0 MiB =  57.5 MiB   radsniff
> 63.6 MiB +   1.2 MiB =  64.8 MiB   netdata
> 64.0 MiB +   1.9 MiB =  65.9 MiB   python2.7 (4)
> 84.3 MiB +   1.5 MiB =  85.8 MiB   radiusd (2)
> 118.3 MiB + 331.5 KiB = 118.6 MiB   pfconfig
> 135.8 MiB + 250.0 KiB = 136.0 MiB   omsagent
> 102.9 MiB + 160.7 MiB = 263.6 MiB   /usr/sbin/httpd (4)
> 303.3 MiB + 266.0 KiB = 303.5 MiB   mysqld
> 891.1 MiB + 851.1 MiB =   1.7 GiB   httpd (31)
>   2.3 GiB + 573.2 MiB =   2.9 GiB   perl (40)
> -
>   6.0 GiB
>  
> Thank you so much for your help,
> Helen
> This email (including any attachments) contains confidential information 
> intended for a specific individual and purpose. If you have received this 
> email in error please notify the sender immediately and delete this e-mail. 
> If you are not the intended recipient any disclosing, distributing, copying, 
> or taking any action based on this e-mail is strictly prohibited. ReSource 
> Pro, LLC. 60 E 42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com 
>  ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 

[PacketFence-users] Help! High Memory Utilization

[Helen Power via PacketFence-users]

Hi All,

We've been using PacketFence v9 web authentication mode for a while now. The 
packetfence server resides on Azure VM with 8GB RAM. We will receive high 
memory utilization (90%) warning from time to time. Right now without much 
traffic on, the system is already used up 6GB memory. We used a memory summary 
script and 
get the result below. When we have more user connect to Wi-Fi and authenticate 
themselves via packtfence, we can see the httpd and perl RAM value increase a 
lot. Is there a way to tune the memory utilization or we have to add more 
memory to the server?

=

[root@us-packetfence2 ~]# ./ps_mem.py
Private  +   Shared  =  RAM used   Program

100.0 KiB +  12.0 KiB = 112.0 KiB   hypervvssd
160.0 KiB +  19.5 KiB = 179.5 KiB   lsmd
196.0 KiB +  17.5 KiB = 213.5 KiB   hypervkvpd
228.0 KiB +  40.0 KiB = 268.0 KiB   atd
260.0 KiB +  36.0 KiB = 296.0 KiB   agetty (2)
252.0 KiB +  58.0 KiB = 310.0 KiB   irqbalance
304.0 KiB +  29.0 KiB = 333.0 KiB   audispd
320.0 KiB +  53.0 KiB = 373.0 KiB   lvmetad
392.0 KiB +  46.0 KiB = 438.0 KiB   cat (4)
352.0 KiB + 162.5 KiB = 514.5 KiB   mysqld_safe
516.0 KiB +  62.5 KiB = 578.5 KiB   auditd
556.0 KiB +  74.0 KiB = 630.0 KiB   rpcbind
588.0 KiB +  54.0 KiB = 642.0 KiB   smartd
608.0 KiB +  74.5 KiB = 682.5 KiB   chronyd
672.0 KiB +  35.0 KiB = 707.0 KiB   crond
740.0 KiB +  42.5 KiB = 782.5 KiB   systemd-logind
732.0 KiB +  51.0 KiB = 783.0 KiB   omiserver
836.0 KiB +  59.5 KiB = 895.5 KiB   systemd-udevd
872.0 KiB +  69.0 KiB = 941.0 KiB   omiengine
868.0 KiB + 121.0 KiB = 989.0 KiB   rngd
916.0 KiB + 179.5 KiB =   1.1 MiB   dbus-daemon
  1.2 MiB +  92.5 KiB =   1.3 MiB   master
  1.2 MiB + 140.5 KiB =   1.4 MiB   pickup
  1.3 MiB + 140.5 KiB =   1.4 MiB   showq
  1.3 MiB + 144.5 KiB =   1.5 MiB   qmgr
  1.4 MiB + 170.0 KiB =   1.6 MiB   logger (14)
  1.6 MiB +  16.0 KiB =   1.7 MiB   fping
  2.3 MiB +  22.5 KiB =   2.3 MiB   apps.plugin
  2.0 MiB + 452.0 KiB =   2.5 MiB   NetworkManager
  2.2 MiB + 766.5 KiB =   2.9 MiB   sudo
  2.9 MiB +  83.5 KiB =   3.0 MiB   systemd
  3.3 MiB +  24.0 KiB =   3.3 MiB   pfdns
  3.3 MiB + 777.5 KiB =   4.1 MiB   bash (3)
  3.7 MiB + 438.0 KiB =   4.1 MiB   abrt-dbus
  2.2 MiB +   2.1 MiB =   4.4 MiB   sshd (3)
  4.3 MiB + 124.0 KiB =   4.4 MiB   omiagent
  6.5 MiB + 365.5 KiB =   6.8 MiB   polkitd
  2.8 MiB +   5.8 MiB =   8.6 MiB   haproxy (2)
10.5 MiB + 389.0 KiB =  10.9 MiB   redis-server (2)
11.0 MiB + 705.5 KiB =  11.7 MiB   tuned
13.4 MiB +  24.0 KiB =  13.4 MiB   auomscollect
13.4 MiB +  42.0 KiB =  13.5 MiB   auoms
  6.5 MiB +   8.2 MiB =  14.7 MiB   rsyslogd
  5.2 MiB +  11.8 MiB =  17.0 MiB   pfmon
  3.0 MiB +  14.3 MiB =  17.3 MiB   pfqueue
18.5 MiB + 463.0 KiB =  19.0 MiB   NetworkWatcherAgent (2)
  6.9 MiB +  12.7 MiB =  19.6 MiB   systemd-journald
29.9 MiB +  32.0 KiB =  29.9 MiB   pfstats
  1.2 MiB +  30.1 MiB =  31.3 MiB   pffilter
29.2 MiB +   3.4 MiB =  32.6 MiB   pfhttpd (4)
34.9 MiB + 165.5 KiB =  35.1 MiB   pf-mariadb
17.5 MiB +  24.7 MiB =  42.2 MiB   pfperl-api
38.6 MiB +  19.0 MiB =  57.5 MiB   radsniff
63.6 MiB +   1.2 MiB =  64.8 MiB   netdata
64.0 MiB +   1.9 MiB =  65.9 MiB   python2.7 (4)
84.3 MiB +   1.5 MiB =  85.8 MiB   radiusd (2)
118.3 MiB + 331.5 KiB = 118.6 MiB   pfconfig
135.8 MiB + 250.0 KiB = 136.0 MiB   omsagent
102.9 MiB + 160.7 MiB = 263.6 MiB   /usr/sbin/httpd (4)
303.3 MiB + 266.0 KiB = 303.5 MiB   mysqld
891.1 MiB + 851.1 MiB =   1.7 GiB   httpd (31)
  2.3 GiB + 573.2 MiB =   2.9 GiB   perl (40)
-
  6.0 GiB

Thank you so much for your help,
Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help - Guest fallback to authentication page

[Helen Power via PacketFence-users]

Hi Ludovic,

Thank you very much for helping.

I checked and it actually doesn’t show any error messages. Guest can do self 
registration fine, the sponsor can grant access fine. It’s just if the sponsor 
doesn’t activate the guest access right away, guest side looks it will time out 
after 60 - 90seconds and then back to the guest sign up and start the 
authentication all over again. Is there anything I can change to disable this 
feature?

Scarlett

On Aug 6, 2019, at 9:52 AM, Ludovic Zammit via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello Scarlett,

When the sponsor click on the link to validated the access you don’t see any 
error ?

If you check in the logs/packetfence.log you should be able to trace what’s 
going on for that sponsor authentication.

Thanks,

Ludovic Zammit
lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  
www.inverse.ca
Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu)
 and PacketFence 
(http://packetfence.org)




On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hi All,
We are running the latest PacketFence box and trying to enable the guest self 
registration feature. Everything works fine but one thing. When the guest self 
register himself via the sponsor email and pending for sponsor approval, If the 
sponsor doesn’t approve his request within around 1 minute, guest pending 
approval page will fallback to the originate guest signup page. Guest doesn’t 
have WiFi access even sponsor grant the access afterwards. Would you please 
help to shed some light on how to solve this issue? Is there a way to have 
guest stay at the pending page before getting the approval instead of fallback 
to authenticate all over again?

Thank you very much for your help!!!

Scarlett
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-usersdata=02%7C01%7Chelen_power%40resourcepro.com%7C1d0311d9e8e74ed226c208d71a7dab0f%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637006999369746936sdata=mUUIXbTUkOH%2Fez02kFlN39izG6hR0s8uTos5LntCtKM%3Dreserved=0
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help - Guest fallback to authentication page

[Ludovic Zammit via PacketFence-users]

Scarlett,

The “Email Activation Timeout” is configurable under the Sponsor source. By 
default it’s set to 30 mins. The user should stay in pending mode until he gets 
enable or the token expires after 30 mins.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Aug 6, 2019, at 11:04 AM, Scarlett Moss  
> wrote:
> 
> I understand that. The issue is under most cases, the sponsor will not be 
> able to grant their access in one and half minute. So the guest will stay in 
> the pending page and wait for the approval from the sponsor. However, it will 
> time out / jump back to the original sign up page before the sponsor even 
> gets the chance to approve its request. Does that make sense? so I want to 
> longer the guest pending time so it will give the sponsor enough time to 
> actually check their email and then approve their request.
> 
> Scarlett 
> 
> On Tue, Aug 6, 2019 at 9:59 AM Ludovic Zammit  > wrote:
> The sponsor should receive a email, into that email he has a link.
> 
> The user will only be enabled on the network as soon the sponsor click on the 
> link to grant the access. If the email is delayed or/and the sponsor takes 
> time to click on the link and grant the access, the user would have to wait.
> 
> Thanks,
> 
> Ludovic Zammit
> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
> www.inverse.ca 
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
> ) and PacketFence (http://packetfence.org 
> ) 
> 
> 
> 
> 
>> On Aug 6, 2019, at 10:56 AM, Helen Power > > wrote:
>> 
>> 
>> Hi Ludovic,
>> 
>> Thank you very much for helping.
>> 
>> I checked and it actually doesn’t show any error messages. Guest can do self 
>> registration fine, the sponsor can grant access fine. It’s just if the 
>> sponsor doesn’t activate the guest access right away, guest side looks it 
>> will time out after 60 - 90seconds and then back to the guest sign up and 
>> start the authentication all over again. Is there anything I can change to 
>> disable this feature?
>> 
>> Scarlett
>> 
>> On Aug 6, 2019, at 9:52 AM, Ludovic Zammit via PacketFence-users 
>> > > wrote:
>> 
>>> Hello Scarlett,
>>> 
>>> When the sponsor click on the link to validated the access you don’t see 
>>> any error ?
>>> 
>>> If you check in the logs/packetfence.log you should be able to trace what’s 
>>> going on for that sponsor authentication.
>>> 
>>> Thanks,
>>> 
>>> Ludovic Zammit
>>> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) 
>>> ::  www.inverse.ca 
>>> 
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
>>> )
>>>  and PacketFence (http://packetfence.org 
>>> )
>>>  
>>> 
>>> 
>>> 
>>> 
 On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
 >>> > wrote:
 
 Hi All,
 We are running the latest PacketFence box and trying to enable the guest 
 self registration feature. Everything works fine but one thing. When the 
 guest self register himself via the sponsor email and pending for sponsor 
 approval, If the sponsor doesn’t approve his request within around 1 
 minute, guest pending approval page will fallback to the originate guest 
 signup page. Guest doesn’t have WiFi access even sponsor grant the access 
 afterwards. Would you please help to shed some light on how to solve this 
 issue? Is there a way to have guest stay at the pending page before 
 getting the approval instead of fallback to authenticate all over again?
 
  
 
 Thank you very much for your help!!!
 
  
 
 Scarlett 
 
 ___
 PacketFence-users mailing list
 

Re: [PacketFence-users] help - Guest fallback to authentication page

[Ludovic Zammit via PacketFence-users]

The sponsor should receive a email, into that email he has a link.

The user will only be enabled on the network as soon the sponsor click on the 
link to grant the access. If the email is delayed or/and the sponsor takes time 
to click on the link and grant the access, the user would have to wait.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Aug 6, 2019, at 10:56 AM, Helen Power  wrote:
> 
> 
> Hi Ludovic,
> 
> Thank you very much for helping.
> 
> I checked and it actually doesn’t show any error messages. Guest can do self 
> registration fine, the sponsor can grant access fine. It’s just if the 
> sponsor doesn’t activate the guest access right away, guest side looks it 
> will time out after 60 - 90seconds and then back to the guest sign up and 
> start the authentication all over again. Is there anything I can change to 
> disable this feature?
> 
> Scarlett
> 
> On Aug 6, 2019, at 9:52 AM, Ludovic Zammit via PacketFence-users 
>  > wrote:
> 
>> Hello Scarlett,
>> 
>> When the sponsor click on the link to validated the access you don’t see any 
>> error ?
>> 
>> If you check in the logs/packetfence.log you should be able to trace what’s 
>> going on for that sponsor authentication.
>> 
>> Thanks,
>> 
>> Ludovic Zammit
>> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) :: 
>>  www.inverse.ca 
>> 
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
>> )
>>  and PacketFence (http://packetfence.org 
>> )
>>  
>> 
>> 
>> 
>> 
>>> On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
>>> >> > wrote:
>>> 
>>> Hi All,
>>> We are running the latest PacketFence box and trying to enable the guest 
>>> self registration feature. Everything works fine but one thing. When the 
>>> guest self register himself via the sponsor email and pending for sponsor 
>>> approval, If the sponsor doesn’t approve his request within around 1 
>>> minute, guest pending approval page will fallback to the originate guest 
>>> signup page. Guest doesn’t have WiFi access even sponsor grant the access 
>>> afterwards. Would you please help to shed some light on how to solve this 
>>> issue? Is there a way to have guest stay at the pending page before getting 
>>> the approval instead of fallback to authenticate all over again?
>>> 
>>>  
>>> 
>>> Thank you very much for your help!!!
>>> 
>>>  
>>> 
>>> Scarlett 
>>> 
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net 
>>> 
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>>> 
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-usersdata=02%7C01%7Chelen_power%40resourcepro.com%7C1d0311d9e8e74ed226c208d71a7dab0f%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637006999369746936sdata=mUUIXbTUkOH%2Fez02kFlN39izG6hR0s8uTos5LntCtKM%3Dreserved=0
>>  
>> 
> This email (including any attachments) contains confidential information 
> intended for a specific individual and purpose. If you have received this 
> email in error please notify the sender immediately and delete this e-mail. 
> If you are not the intended recipient 

Re: [PacketFence-users] help - Guest fallback to authentication page

[Ludovic Zammit via PacketFence-users]

Hello Scarlett,

When the sponsor click on the link to validated the access you don’t see any 
error ?

If you check in the logs/packetfence.log you should be able to trace what’s 
going on for that sponsor authentication.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Aug 6, 2019, at 10:24 AM, Scarlett Moss via PacketFence-users 
>  wrote:
> 
> Hi All,
> We are running the latest PacketFence box and trying to enable the guest self 
> registration feature. Everything works fine but one thing. When the guest 
> self register himself via the sponsor email and pending for sponsor approval, 
> If the sponsor doesn’t approve his request within around 1 minute, guest 
> pending approval page will fallback to the originate guest signup page. Guest 
> doesn’t have WiFi access even sponsor grant the access afterwards. Would you 
> please help to shed some light on how to solve this issue? Is there a way to 
> have guest stay at the pending page before getting the approval instead of 
> fallback to authenticate all over again?
> 
>  
> 
> Thank you very much for your help!!!
> 
>  
> 
> Scarlett 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] help - Guest fallback to authentication page

[Scarlett Moss via PacketFence-users]

Hi All,

We are running the latest PacketFence box and trying to enable the guest
self registration feature. Everything works fine but one thing. When the
guest self register himself via the sponsor email and pending for sponsor
approval, If the sponsor doesn’t approve his request within around 1
minute, guest pending approval page will fallback to the originate guest
signup page. Guest doesn’t have WiFi access even sponsor grant the access
afterwards. Would you please help to shed some light on how to solve this
issue? Is there a way to have guest stay at the pending page before getting
the approval instead of fallback to authenticate all over again?



Thank you very much for your help!!!



Scarlett
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] help - Guest fallback to authentication page

[Scarlett Moss via PacketFence-users]

Hi All,

We are running the latest PacketFence box and trying to enable the guest
self registration feature. Everything works fine but one thing. When the
guest self register himself via the sponsor email and pending for sponsor
approval, If the sponsor doesn’t approve his request within around 1
minute, guest pending approval page will fallback to the originate guest
signup page. Guest doesn’t have WiFi access even sponsor grant the access
afterwards. Would you please help to shed some light on how to solve this
issue? Is there a way to disable this fallback thing ?

Thank you very much!!

Scarlett
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! pfhttpd: [ERROR 502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:22222: getsockopt: connection refused

[Helen Power via PacketFence-users]

That solves it! Thank you very much.


From: Fabrice Durand via PacketFence-users 

Sent: Thursday, August 1, 2019 8:10 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand 
Subject: Re: [PacketFence-users] Help! pfhttpd: [ERROR 502 /api/v1/dhcp/stats] 
dial tcp 127.0.0.1:2: getsockopt: connection refused


Hello Helen,

check that:

https://github.com/inverse-inc/packetfence/blob/packetfence-9.0.1/conf/stats.conf.defaults<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Finverse-inc%2Fpacketfence%2Fblob%2Fpacketfence-9.0.1%2Fconf%2Fstats.conf.defaults=02%7C01%7Chelen_power%40resourcepro.com%7C50b6f22bc36640fe066e08d71681d951%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637002619269471993=Ro1bF6X7hm7wMO1m%2FZgoGbMMj1j3Id2T6Zov%2FUA9lu8%3D=0>

you need to commented out the dhcp stat related sections.

then pfcmd configreload hard and restart pfstats



Regards

Fabrice
Le 19-07-31 à 14 h 46, Helen Power via PacketFence-users a écrit :
Hi All,

I'm running PacketFence v9.0.1right now. I notice my packetfence.log is filled 
up with error  "pfhttpd: 31/Jul/2019:13:43:26 -0500 [ERROR 502 
/api/v1/dhcp/stats] dial tcp 127.0.0.1:2: getsockopt: connection refused". 
Is there a way to get rid of these error message? I disabled pfdhcp service on 
Packetfence server as we use external MS DHCP server service.

Thank you very much for your help,

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 
www.resourcepro.com<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.resourcepro.com=02%7C01%7Chelen_power%40resourcepro.com%7C50b6f22bc36640fe066e08d71681d951%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637002619269471993=ECuWceYpnRSpekVFIXvTgMyWGLCu8%2FzmyOiy%2BEBEUz8%3D=0>



___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users=02%7C01%7Chelen_power%40resourcepro.com%7C50b6f22bc36640fe066e08d71681d951%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637002619269481987=%2FE6xcjV2BvFOu52x%2FBKpt3svgQG2mDkXWCK632ebvnw%3D=0>

--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca=02%7C01%7Chelen_power%40resourcepro.com%7C50b6f22bc36640fe066e08d71681d951%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637002619269481987=Ri6vejdQi%2BQUpikPVYTua2DKHxkvAEo0WA4iz52FTDw%3D=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu=02%7C01%7Chelen_power%40resourcepro.com%7C50b6f22bc36640fe066e08d71681d951%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637002619269481987=JDYUc77HTeVFDDRSpHCUHhNTRcUa8BuFQ3YVQpZZTvw%3D=0>)
 and PacketFence 
(http://packetfence.org<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org=02%7C01%7Chelen_power%40resourcepro.com%7C50b6f22bc36640fe066e08d71681d951%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C637002619269491984=YpHrSvChztu8SimevBOjTUzY07IzVEOXPXC4mCF%2FbU8%3D=0>)

This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! pfhttpd: [ERROR 502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:22222: getsockopt: connection refused

[Fabrice Durand via PacketFence-users]

Hello Helen,

check that:

https://github.com/inverse-inc/packetfence/blob/packetfence-9.0.1/conf/stats.conf.defaults

you need to commented out the dhcp stat related sections.

then pfcmd configreload hard and restart pfstats


Regards

Fabrice

Le 19-07-31 à 14 h 46, Helen Power via PacketFence-users a écrit :


Hi All,

I’m running PacketFence v9.0.1right now. I notice my packetfence.log 
is filled up with error  “pfhttpd: 31/Jul/2019:13:43:26 -0500 [ERROR 
502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:2: getsockopt: 
connection refused”. Is there a way to get rid of these error message? 
I disabled pfdhcp service on Packetfence server as we use external MS 
DHCP server service.


Thank you very much for your help,

Helen

This email (including any attachments) contains confidential 
information intended for a specific individual and purpose. If you 
have received this email in error please notify the sender immediately 
and delete this e-mail. If you are not the intended recipient any 
disclosing, distributing, copying, or taking any action based on this 
e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 42nd Street, 
Suite 1500 New York, NY 10165 www.resourcepro.com



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help! pfhttpd: [ERROR 502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:22222: getsockopt: connection refused

[Helen Power via PacketFence-users]

Hi All,

I'm running PacketFence v9.0.1right now. I notice my packetfence.log is filled 
up with error  "pfhttpd: 31/Jul/2019:13:43:26 -0500 [ERROR 502 
/api/v1/dhcp/stats] dial tcp 127.0.0.1:2: getsockopt: connection refused". 
Is there a way to get rid of these error message? I disabled pfdhcp service on 
Packetfence server as we use external MS DHCP server service.

Thank you very much for your help,

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! Device gain Internet Access without redirecting

[Nicolas Quiniou-Briand via PacketFence-users]

On 2019-07-25 6:36 p.m., Helen Power via PacketFence-users wrote:

Is there any solution for this issue?
Did you check on the controller or AP side if your device is still 
authorized ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help! Device gain Internet Access without redirecting

[Helen Power via PacketFence-users]

Hi All,

We are running the PacketFence v9.0.1 right now. For test purpose, I always use 
one laptop to test different functionalities. After successfully authenticated, 
I then delete the node & user from packetfence server and forget network on my 
laptop and start the test again. The issue I'm having right now is if I use the 
same laptop to connect to my SSID again, it will no longer be redirecting to 
the captive portal. Instead, my laptop gains full internet access. Sometimes, 
the captive portal will show up 30 seconds later, sometimes it just never show. 
When I check the nodes& users from packetfence server, I cannot find any info 
about my laptop. Is there any solution for this issue?

Thank you very much for your help.

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! email is not allowed to sponsor guest access

[G PL via PacketFence-users]

Hello,
Your source is checking in the OU "computers".
I think you need a other source for the users.
Regards

Le mer. 24 juil. 2019 à 01:55, Helen Power via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hi Nicolas,
>
> I think I figured it out. I changed the filter from "member of" to "nested
> group" and now it's working.
>
> Thank you very much for your help,
>
>
> Helen
> -Original Message-
> From: Helen Power via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> Sent: Tuesday, July 23, 2019 1:35 PM
> To: packetfence-users@lists.sourceforge.net
> Cc: Helen Power 
> Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor
> guest access
>
> Hi Nicolas,
>
> I did /usr/local/pf/bin/pftest authentication helen_power 'password'
> Admin_Sponsor and get a reply like this:
>
> #
> Testing authentication for "Helen_Power"
>
> Authenticating against 'Admin_Sponsor' in context 'admin'
>   Authentication SUCCEEDED against Admin_Sponsor (Authentication
> successful.)
>   Did not match against Admin_Sponsor for 'authentication' rules
>   Did not match against Admin_Sponsor for 'administration' rules
>
> Authenticating against 'Admin_Sponsor' in context 'portal'
>   Authentication SUCCEEDED against Admin_Sponsor (Authentication
> successful.)
>   Did not match against Admin_Sponsor for 'authentication' rules
>   Did not match against Admin_Sponsor for 'administration' rules #
>
> Related info in Authentication.conf:
> [Admin_Sponsor]
> cache_match=0
> read_timeout=10
> realms=
> basedn=DC=x,DC=x,DC=com
> monitor=1
> password=password
> shuffle=0
> searchattributes=
> scope=sub
> email_attribute=mail
> usernameattribute=sAMAccountName
> connection_timeout=5
> binddn=CN=wirelessauth,OU=System Function Account,OU=Special
> Account,DC=X,DC=X,DC=com encryption=none description=Group for sponsorship
> for guests
> port=389
> host=172.16.100.X
> write_timeout=5
> type=AD
>
> [Admin_Sponsor rule Sponsorship]
> action0=mark_as_sponsor=1
> condition0=memberOf,equals,CN=WirelessSponsorGlobal,OU=Special Security
> Group,OU=Special Account,DC=X,DC=X,DC=com match=all class=administration
> description=Global Tech, US_Cooperate and SDU manager
>
> I'm totally sure that my sponsor user belongs to the group
> (WirelessSponosrGlobal) defined in the condition above. Like I mentioned in
> the previous email, do you think my PF box not be able to re-join the
> Active directory domain has anything to do with this issue? Or what do you
> suggest me to do next?
>
> #
> [root@packetfence PFdomain]# chroot /chroots/PFdomain wbinfo -u could not
> obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not
> obtain winbind domain name!
> Error looking up domain users
>
> [root@packetfence PFdomain]# wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed failed to
> call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE Could not
> check secret
>
> [root@pfence bin]# net ads info
> ads_connect: No logon servers are currently available to service the logon
> request.
> ads_connect: No logon servers are currently available to service the logon
> request.
> Didn't find the ldap server!
> #
>
> Domain.conf:
> [Test]
>
> ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
> registration=0
> ntlm_cache_expiry=3600
> dns_name=x.x.com
> dns_servers=172.16.100.X
> ou=Computers
> ntlm_cache_on_connection=disabled
> workgroup=abc0
> ntlm_cache_batch_one_at_a_time=disabled
> sticky_dc=*
> ad_server=172.16.100.X
> ntlm_cache_batch=disabled
> server_name=%h
>
>
> Thank you very much for your help.
>
>
>
>
> -Original Message-
> From: Nicolas Quiniou-Briand via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> Sent: Tuesday, July 23, 2019 6:57 AM
> To: packetfence-users@lists.sourceforge.net
> Cc: Nicolas Quiniou-Briand 
> Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor
> guest access
>
> Hello,
>
> On 2019-07-22 9:53 p.m., Helen Power via PacketFence-users wrote:
> > We want to achieve guest self-registration feature via sponsor email.
> > I defined one authentication source type to AD with action "Mark as
> > sponsor" . However, when I use guest signup and put the sponsor email
> > in then it says "Email XX is not allowed to sponsor guest access",
>

Re: [PacketFence-users] Help! email is not allowed to sponsor guest access

[Helen Power via PacketFence-users]

Hi Nicolas,

I think I figured it out. I changed the filter from "member of" to "nested 
group" and now it's working.

Thank you very much for your help,


Helen
-Original Message-
From: Helen Power via PacketFence-users 

Sent: Tuesday, July 23, 2019 1:35 PM
To: packetfence-users@lists.sourceforge.net
Cc: Helen Power 
Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor guest 
access

Hi Nicolas,

I did /usr/local/pf/bin/pftest authentication helen_power 'password' 
Admin_Sponsor and get a reply like this:

#
Testing authentication for "Helen_Power"

Authenticating against 'Admin_Sponsor' in context 'admin'
  Authentication SUCCEEDED against Admin_Sponsor (Authentication successful.)
  Did not match against Admin_Sponsor for 'authentication' rules
  Did not match against Admin_Sponsor for 'administration' rules

Authenticating against 'Admin_Sponsor' in context 'portal'
  Authentication SUCCEEDED against Admin_Sponsor (Authentication successful.)
  Did not match against Admin_Sponsor for 'authentication' rules
  Did not match against Admin_Sponsor for 'administration' rules #

Related info in Authentication.conf:
[Admin_Sponsor]
cache_match=0
read_timeout=10
realms=
basedn=DC=x,DC=x,DC=com
monitor=1
password=password
shuffle=0
searchattributes=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
binddn=CN=wirelessauth,OU=System Function Account,OU=Special 
Account,DC=X,DC=X,DC=com encryption=none description=Group for sponsorship for 
guests
port=389
host=172.16.100.X
write_timeout=5
type=AD

[Admin_Sponsor rule Sponsorship]
action0=mark_as_sponsor=1
condition0=memberOf,equals,CN=WirelessSponsorGlobal,OU=Special Security 
Group,OU=Special Account,DC=X,DC=X,DC=com match=all class=administration 
description=Global Tech, US_Cooperate and SDU manager

I'm totally sure that my sponsor user belongs to the group 
(WirelessSponosrGlobal) defined in the condition above. Like I mentioned in the 
previous email, do you think my PF box not be able to re-join the Active 
directory domain has anything to do with this issue? Or what do you suggest me 
to do next?

#
[root@packetfence PFdomain]# chroot /chroots/PFdomain wbinfo -u could not 
obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not 
obtain winbind domain name!
Error looking up domain users

[root@packetfence PFdomain]# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could 
not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed failed to call 
wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE Could not check secret

[root@pfence bin]# net ads info
ads_connect: No logon servers are currently available to service the logon 
request.
ads_connect: No logon servers are currently available to service the logon 
request.
Didn't find the ldap server!
#

Domain.conf:
[Test]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
registration=0
ntlm_cache_expiry=3600
dns_name=x.x.com
dns_servers=172.16.100.X
ou=Computers
ntlm_cache_on_connection=disabled
workgroup=abc0
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=*
ad_server=172.16.100.X
ntlm_cache_batch=disabled
server_name=%h


Thank you very much for your help.




-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 

Sent: Tuesday, July 23, 2019 6:57 AM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor guest 
access

Hello,

On 2019-07-22 9:53 p.m., Helen Power via PacketFence-users wrote:
> We want to achieve guest self-registration feature via sponsor email.
> I defined one authentication source type to AD with action "Mark as
> sponsor" . However, when I use guest signup and put the sponsor email
> in then it says "Email XX is not allowed to sponsor guest access",
> which I'm sure the email address should can sponsor the guest access.

Make a test with your sponsor user to see if the "Admin_Sponsor" rule match:

#v+
pftest authentication YOUR_SPONSOR_USER_ID '' Admin_Sponsor
#v-

In the output, you should see if your sponsor user match the rule and is able 
to sponsor.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Finverse.cadata=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523sdata=SPsGndizpf0JPyqKEEqyMcOfuxDE6wIEfMJuWC9ExHs%3Dreserved=0
Inverse inc. :: Leaders behind SOGo 
(https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsogo.nudata=02%7C01%7Chelen_power%40resourcepro.com%7Cde7c828ba9d743f4489408d70fa67edb%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636995080089701523sdata=22da

Re: [PacketFence-users] Help! email is not allowed to sponsor guest access

[Helen Power via PacketFence-users]

Hi Nicolas,

I did /usr/local/pf/bin/pftest authentication helen_power 'password' 
Admin_Sponsor and get a reply like this:

#
Testing authentication for "Helen_Power"

Authenticating against 'Admin_Sponsor' in context 'admin'
  Authentication SUCCEEDED against Admin_Sponsor (Authentication successful.)
  Did not match against Admin_Sponsor for 'authentication' rules
  Did not match against Admin_Sponsor for 'administration' rules

Authenticating against 'Admin_Sponsor' in context 'portal'
  Authentication SUCCEEDED against Admin_Sponsor (Authentication successful.)
  Did not match against Admin_Sponsor for 'authentication' rules
  Did not match against Admin_Sponsor for 'administration' rules
#

Related info in Authentication.conf:
[Admin_Sponsor]
cache_match=0
read_timeout=10
realms=
basedn=DC=x,DC=x,DC=com
monitor=1
password=password
shuffle=0
searchattributes=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
binddn=CN=wirelessauth,OU=System Function Account,OU=Special 
Account,DC=X,DC=X,DC=com
encryption=none
description=Group for sponsorship for guests
port=389
host=172.16.100.X
write_timeout=5
type=AD

[Admin_Sponsor rule Sponsorship]
action0=mark_as_sponsor=1
condition0=memberOf,equals,CN=WirelessSponsorGlobal,OU=Special Security 
Group,OU=Special Account,DC=X,DC=X,DC=com
match=all
class=administration
description=Global Tech, US_Cooperate and SDU manager

I'm totally sure that my sponsor user belongs to the group 
(WirelessSponosrGlobal) defined in the condition above. Like I mentioned in the 
previous email, do you think my PF box not be able to re-join the Active 
directory domain has anything to do with this issue? Or what do you suggest me 
to do next?

#
[root@packetfence PFdomain]# chroot /chroots/PFdomain wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users

[root@packetfence PFdomain]# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret

[root@pfence bin]# net ads info
ads_connect: No logon servers are currently available to service the logon 
request.
ads_connect: No logon servers are currently available to service the logon 
request.
Didn't find the ldap server!
#

Domain.conf:
[Test]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
registration=0
ntlm_cache_expiry=3600
dns_name=x.x.com
dns_servers=172.16.100.X
ou=Computers
ntlm_cache_on_connection=disabled
workgroup=abc0
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=*
ad_server=172.16.100.X
ntlm_cache_batch=disabled
server_name=%h


Thank you very much for your help.




-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 

Sent: Tuesday, July 23, 2019 6:57 AM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Help! email is not allowed to sponsor guest 
access

Hello,

On 2019-07-22 9:53 p.m., Helen Power via PacketFence-users wrote:
> We want to achieve guest self-registration feature via sponsor email.
> I defined one authentication source type to AD with action "Mark as
> sponsor" . However, when I use guest signup and put the sponsor email
> in then it says "Email XX is not allowed to sponsor guest access",
> which I'm sure the email address should can sponsor the guest access.

Make a test with your sponsor user to see if the "Admin_Sponsor" rule match:

#v+
pftest authentication YOUR_SPONSOR_USER_ID '' Admin_Sponsor
#v-

In the output, you should see if your sponsor user match the rule and is able 
to sponsor.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Finverse.cadata=02%7C01%7Chelen_power%40resourcepro.com%7C1faebc86948740de7b9b08d70f6502e9%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636994798839345282sdata=MweX%2Bl8jhEdgI6KR4c8zkOyJk2nle0CotwajDtdTXxo%3Dreserved=0
Inverse inc. :: Leaders behind SOGo 
(https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsogo.nudata=02%7C01%7Chelen_power%40resourcepro.com%7C1faebc86948740de7b9b08d70f6502e9%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636994798839345282sdata=A7Ibafcv4XnVesq96zI01v18M7jhunyGXjKIX%2F6tS%2Fs%3Dreserved=0),
 PacketFence
(https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpacketfence.orgdata=02%7C01%7Chelen_power%40resourcepro.com%7C1faebc86948740de7b9b08d70f6502e9%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636994798839345282sdata=WxGGSRzlSZduA11eKj80H886pDBFBpLII%2B6nyZiEw4I%3Dreserved=0)
 and Fingerbank 
(https://nam04.safelinks.protection.outlook.com/?url=http%3A%2

Re: [PacketFence-users] Help! email is not allowed to sponsor guest access

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 2019-07-22 9:53 p.m., Helen Power via PacketFence-users wrote:
We want to achieve guest self-registration feature via sponsor email. I 
defined one authentication source type to AD with action “Mark as 
sponsor” . However, when I use guest signup and put the sponsor email in 
then it says “Email XX is not allowed to sponsor guest access”, which 
I’m sure the email address should can sponsor the guest access.


Make a test with your sponsor user to see if the "Admin_Sponsor" rule match:

#v+
pftest authentication YOUR_SPONSOR_USER_ID '' Admin_Sponsor
#v-

In the output, you should see if your sponsor user match the rule and is 
able to sponsor.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help : Fail to start Packet fence service

[Nicolas Quiniou-Briand via PacketFence-users]

On 2019-07-23 11:50 a.m., adr.lebron--- via PacketFence-users wrote:
How can I change the IP that was configured yesterday to make it correct 
here ?


Edit pf.conf and change IP your ip address. Then run following commands:
#v+
/usr/local/pf/bin/pfcmd configreload hard
/usr/local/pf/bin/pfcmd service httpd.admin restart
#v-
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help : Fail to start Packet fence service

[adr.lebron--- via PacketFence-users]

Hi, Thanks for your answer. 

I configurated the Database and reconfigure the packet with dpkg, it worked, 
but i was at home and selected my LAN for address, so now i'm at the company 
and have this error message : 



-- L'unité (unit) packetfence-httpd.admin.service a commencé à démarrer. 
juil. 23 11:34:55 debian packetfence[10464]: INFO -e(10464): generating 
/usr/local/pf/var/conf/ssl-certificates.conf 
(pf::services::manager::httpd::generateCommonConfig) 
juil. 23 11:34:55 debian packetfence[10464]: INFO -e(10464): generating 
/usr/local/pf/var/conf/captive-portal-common 
(pf::services::manager::httpd::generateCommonConfig) 
juil. 23 11:35:11 debian admin_catalyst[10471]: httpd.admin(10471) WARN: 
[mac:[undef]] Unicode::Encoding plugin is auto-applied, please remove this from 
your appclass and make sure to define "encoding" config 
(Catalyst::setup_plugins) 
juil. 23 11:35:11 debian apache2[10471]: AH00558: apache2: Could not reliably 
determine the server's fully qualified domain name, using 127.0.1.1. Set the 
'ServerName' directive globally to suppress this messag e 
juil. 23 11:35:11 debian apache2[10471]: (99)Ne peut attribuer l'adresse 
demandée: AH00072: make_sock: could not bind to address 192.168.0.28:1443 
juil. 23 11:35:11 debian apache2[10471]: no listening sockets available, 
shutting down 
juil. 23 11:35:11 debian apache2[10471]: AH00015: Unable to open logs 
juil. 23 11:35:12 debian systemd[1]: packetfence-httpd.admin.service: Main 
process exited, code=exited, status=1/FAILURE 
juil. 23 11:35:12 debian systemd[1]: Failed to start PacketFence Administration 
Apache HTTP Server. 
-- Subject: L'unité (unit) packetfence-httpd.admin.service a échoué 




How can I change the IP that was configured yesterday to make it correct here ? 

- Mail original -

De: "lists via PacketFence-users"  
À: packetfence-users@lists.sourceforge.net 
Cc: "lists"  
Envoyé: Mardi 23 Juillet 2019 10:56:59 
Objet: Re: [PacketFence-users] Help : Fail to start Packet fence service 

Hi, 

No expert, but: 

On 19-7-2019 11:12, adr.lebron--- via PacketFence-users wrote: 
> juil. 17 14:28:43 debian pfcmd[4448]: FATAL - please define exactly one 
> management interface 
> juil. 17 14:28:43 debian pfcmd[4448]: WARNING - internal network(s) not 
> defined! 
> juil. 17 14:28:43 debian pfcmd[4448]: FATAL - Unable to connect to your 
> database. Please verify your connection settings in conf/pf.conf and 
> make sure that it is started. 

It seems to me that you should address these three issues, and then try 
again..? Perhaps the most important (and easy to solve) one is database 
access as user pf. 

Goodluck! 

MJ 


___ 
PacketFence-users mailing list 
PacketFence-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/packetfence-users 

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help : Fail to start Packet fence service

[lists via PacketFence-users]

Hi,

No expert, but:

On 19-7-2019 11:12, adr.lebron--- via PacketFence-users wrote:
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - please define exactly one 
management interface
juil. 17 14:28:43 debian pfcmd[4448]: WARNING - internal network(s) not 
defined!
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - Unable to connect to your 
database. Please verify your connection settings in conf/pf.conf and 
make sure that it is started.


It seems to me that you should address these three issues, and then try 
again..? Perhaps the most important (and easy to solve) one is database 
access as user pf.


Goodluck!

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help! email is not allowed to sponsor guest access

[Helen Power via PacketFence-users]

Hi All,

We want to achieve guest self-registration feature via sponsor email. I defined 
one authentication source type to AD with action "Mark as sponsor" . However, 
when I use guest signup and put the sponsor email in then it says "Email XX is 
not allowed to sponsor guest access", which I'm sure the email address should 
can sponsor the guest access. One side note is I used to be successfully join 
my PF box intoActive Directory domain. However, I un-joined it one time and 
ever since then, I have no luck to join the AD domain again. The error says: 
Enter packetfence$@X.X.COM's password:Join to domain is not valid: NT code 
0xfff6. Would you please help so I can have the guest sponsor feature 
working? Please see some of the logs/ configuration below:

[root@packetfence PFdomain]# chroot /chroots/PFdomain wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users

[root@packetfence PFdomain]# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret

Domain.conf:
[Test]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
registration=0
ntlm_cache_expiry=3600
dns_name=x.x.com
dns_servers=172.16.100.X
ou=Computers
ntlm_cache_on_connection=disabled
workgroup=abc0
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=*
ad_server=172.16.100.X
ntlm_cache_batch=disabled
server_name=%h
~

Related info in Authentication.conf:
[Admin_Sponsor]
cache_match=0
read_timeout=10
realms=
basedn=DC=x,DC=x,DC=com
monitor=1
password=password
shuffle=0
searchattributes=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
binddn=CN=wirelessauth,OU=System Function Account,OU=Special 
Account,DC=X,DC=X,DC=com
encryption=none
description=Group for sponsorship for guests
port=389
host=172.16.100.X
write_timeout=5
type=AD

[Admin_Sponsor rule Sponsorship]
action0=mark_as_sponsor=1
condition0=memberOf,equals,CN=WirelessSponsorGlobal,OU=Special Security 
Group,OU=Special Account,DC=X,DC=X,DC=com
match=all
class=administration
description=Global Tech, US_Cooperate and SDU manager

[Sponsor_RSP]
create_local_account=no
validate_sponsor=yes
password_length=8
allow_localdomain=yes
lang=en_US
local_account_logins=0
description=Sponsor-based registration
email_activation_timeout=30m
hash_passwords=plaintext
type=SponsorEmail

[Sponsor_RSP rule Sponsor]
action0=set_role=guest
match=all
class=authentication
action1=set_access_duration=5D


Please let me know if you need any other information.

Thank you very much for your help,

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help : Fail to start Packet fence service

[adr.lebron--- via PacketFence-users]

Hi, i'm beeginer with PacketFence and I tried to install the software on a VM 
Debian Stretch with VirtualBox 

But, I can't access to the web configurator, because the service doesn't work 
or doesn't start. 
I 'm blocked since last week on this, I tried more than 5 install on differents 
computer, but never works. 

I have here the result of systemctl status packetfence.service : 



● packetfence.service - PacketFence Service 
Loaded: loaded (/lib/systemd/system/packetfence.service; disabled; vendor 
preset: enabled) 
Active: failed (Result: exit-code) since Wed 2019-07-17 14:28:46 CEST; 1min 57s 
ago 
Process: 4448 ExecStart=/usr/local/pf/bin/pfcmd service pf start (code=exited, 
status=255) 

juil. 17 14:28:43 debian pfcmd[4448]: Radius configuration is missing from 
raddb directory. Assuming this is a first run. 
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - please define exactly one 
management interface 
juil. 17 14:28:43 debian pfcmd[4448]: WARNING - internal network(s) not 
defined! 
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - Unable to connect to your 
database. Please verify your connection settings in conf/pf.conf and make sure 
that it is started. 
juil. 17 14:28:43 debian pfcmd[4448]: WARNING - networks.conf is empty but 
services.dhcpd is enabled. Disable it to remove this warning. 
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - Cannot connect to database to 
check schema version: unable to connect to database: Access denied for user 
'pf'@'localhost' (using password: YES) at /usr/local/pf/lib/pf/dal.pm line 69. 
juil. 17 14:28:46 debian systemd[1]: packetfence.service: Control process 
exited, code=exited status=255 
juil. 17 14:28:46 debian systemd[1]: Failed to start PacketFence Service. 
juil. 17 14:28:46 debian systemd[1]: packetfence.service: Unit entered failed 
state. 
juil. 17 14:28:46 debian systemd[1]: packetfence.service: Failed with result 
'exit-code'. 




And the result of the command journalctl -xe : 





-- Logs begin at Wed 2019-07-17 11:50:35 CEST, end at Wed 2019-07-17 14:17:03 
CEST. -- 
juil. 17 14:13:30 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:31 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:32 debian pfmon[1242]: pfmon(1242) FATAL: [mac:unknown] unable 
to connect to database: Access denied for user 'pf'@'localhost' (using 
password: YES) at /usr/share/perl5/CHI/Driver.pm line 546. 
(pf::db::db_connect) 
juil. 17 14:13:32 debian pfmon[1242]: pfmon(1242) FATAL: [mac:unknown] unable 
to connect to database: Access denied for user 'pf'@'localhost' (using 
password: YES) at /usr/local/pf/lib/pf/dal.pm line 69. 
(pf::db::db_connect) 
juil. 17 14:13:32 debian pfmon[1242]: pfmon(1242) ERROR: [mac:unknown] Error 
running task cleanup_chi_database_cache: unable to connect to database: Access 
denied for user 'pf'@'localhost' (using password: YES) at 
/usr/local/pf/lib/pf/dal.pm line 69. 
(main::_runtask) 
juil. 17 14:13:32 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:33 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:34 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:35 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:36 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:37 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:38 debian packetfence[2922]: FATAL -e(2922): Can't use string 
("") as a HASH ref while "strict refs" in use at 
/usr/local/pf/lib/pf/services/manager/httpd_portal.pm line 64. 
(pf::services::manager::httpd_portal::vhost_management_network) 
juil. 17 14:13:38 debian perl[2922]: Can't use string ("") as a HASH ref while 
"strict refs" in use at /usr/local/pf/lib/pf/services/manager/httpd_portal.pm 
line 64. 
juil. 17 14:13:38 debian packetfence[998]: FATAL -e(998): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1. 
(pf::db::db_connect) 
juil. 17 14:13:38 debian packetfence[2924]: FATAL -e(2924): 

Re: [PacketFence-users] Help! Cannot set administration rule "Mark as sponsor"

[Helen Power via PacketFence-users]

Hi Fabrice,

I just applied /usr/local/pf/addons/pf-maint.pl and now I'm not able to see the 
GUI management interface. It's just showing blank.

[cid:image001.png@01D53D44.DA498760]

Helen

From: Fabrice Durand via PacketFence-users 

Sent: Thursday, July 18, 2019 8:36 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand 
Subject: Re: [PacketFence-users] Help! Cannot set administration rule "Mark as 
sponsor"


Hello Helen,

did you applied the maintenance ?

/usr/local/pf/addons/pf-maint.pl

And refresh the admin GUI.

Regards

Fabrice


Le 19-07-18 à 09 h 02, Helen Power via PacketFence-users a écrit :
Hi All,

I try to create a AD source with "mark as sponsor" action, I got the error 
messages below. We need this function to sponsor guest self-registration via 
email.

Unable to validate /api/v1/config/source/Admin_Sponsor
Administration_rules.0.actions.0.value: Value field is required 
/api/v1/config/source/admin_sponsor
[cid:part1.09B28297.1DCDC7B5@inverse.ca]

I researched and found a article 
https://github.com/inverse-inc/packetfence/issues/4597<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Finverse-inc%2Fpacketfence%2Fissues%2F4597=02%7C01%7Chelen_power%40resourcepro.com%7C526a71a6885c4eb7bbbc08d70b84fd65%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990538140748332=I31W%2BXpOIr1KOkVQTfapAIXCrSV%2F9nHATFj7QCfijuw%3D=0>.
 However, it didn't give solution. Do you know is there an alternative or a 
solution to achieve this feature?

Thank you so much for your help!

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 
www.resourcepro.com<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.resourcepro.com=02%7C01%7Chelen_power%40resourcepro.com%7C526a71a6885c4eb7bbbc08d70b84fd65%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990538140748332=UR5RBNwnDbhIrS2vsNA5g4%2BuVqyRqqXR3MxwzZ1gnLY%3D=0>



___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users=02%7C01%7Chelen_power%40resourcepro.com%7C526a71a6885c4eb7bbbc08d70b84fd65%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990538140758316=H0aprLKgUDKgjOYHzc%2FB5ehgF%2BSJqP%2Fukg5cTZDsOF4%3D=0>

--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca=02%7C01%7Chelen_power%40resourcepro.com%7C526a71a6885c4eb7bbbc08d70b84fd65%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990538140758316=hLwnbPSLHVdyTJ%2F9gt8vl%2FnjH%2BcGw4V%2BWDLu6iv3yD8%3D=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu=02%7C01%7Chelen_power%40resourcepro.com%7C526a71a6885c4eb7bbbc08d70b84fd65%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990538140768319=o%2BnzFp4BdzpgMO0EassTmPVgC0KaQ5CAHSn9cu0vnkc%3D=0>)
 and PacketFence 
(http://packetfence.org<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org=02%7C01%7Chelen_power%40resourcepro.com%7C526a71a6885c4eb7bbbc08d70b84fd65%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990538140768319=vwT7gr1QIeexOrTkIZRDyhSJ%2BdS1p5aE6ydHH67UWwA%3D=0>)

This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help! Cannot set administration rule "Mark as sponsor"

[Helen Power via PacketFence-users]

That solves it! And now I'm able to apply action to mark as sponsor as well. 
Thank you so much for your help Fabrice!

Helen


From: Fabrice Durand 
Sent: Thursday, July 18, 2019 8:44 AM
To: Helen Power ; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Help! Cannot set administration rule "Mark as 
sponsor"


Run it twice


Le 19-07-18 à 09 h 43, Helen Power a écrit :
Hi Fabrice,

I just applied /usr/local/pf/addons/pf-maint.pl and now I'm not able to see the 
GUI management interface. It's just showing blank.

[cid:part1.D7618F7C.D804C049@inverse.ca]

Helen

From: Fabrice Durand via PacketFence-users 
<mailto:packetfence-users@lists.sourceforge.net>
Sent: Thursday, July 18, 2019 8:36 AM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <mailto:fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Help! Cannot set administration rule "Mark as 
sponsor"


Hello Helen,

did you applied the maintenance ?

/usr/local/pf/addons/pf-maint.pl

And refresh the admin GUI.

Regards

Fabrice


Le 19-07-18 à 09 h 02, Helen Power via PacketFence-users a écrit :
Hi All,

I try to create a AD source with "mark as sponsor" action, I got the error 
messages below. We need this function to sponsor guest self-registration via 
email.

Unable to validate /api/v1/config/source/Admin_Sponsor
Administration_rules.0.actions.0.value: Value field is required 
/api/v1/config/source/admin_sponsor
[cid:part1.09B28297.1DCDC7B5@inverse.ca]

I researched and found a article 
https://github.com/inverse-inc/packetfence/issues/4597<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Finverse-inc%2Fpacketfence%2Fissues%2F4597=02%7C01%7CHelen_Power%40resourcepro.com%7C2575c74d7d264c4359df08d70b85fb02%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990542380552014=8IIE06lh11DufPJWU%2Fvf1uBGwD7ZH670%2FPc2emdgCe4%3D=0>.
 However, it didn't give solution. Do you know is there an alternative or a 
solution to achieve this feature?

Thank you so much for your help!

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 
www.resourcepro.com<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.resourcepro.com=02%7C01%7CHelen_Power%40resourcepro.com%7C2575c74d7d264c4359df08d70b85fb02%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990542380562011=ARKGhFinT1Y8KtwySBTW8cgHhXZNtXoY%2FjFb%2F8PnhQo%3D=0>




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users=02%7C01%7CHelen_Power%40resourcepro.com%7C2575c74d7d264c4359df08d70b85fb02%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990542380562011=j81UMhS09MB1zzaxgYMSO%2BOB5cBRrrH1LFBbgZ7Qzqg%3D=0>

--

Fabrice Durand

fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inverse.ca=02%7C01%7CHelen_Power%40resourcepro.com%7C2575c74d7d264c4359df08d70b85fb02%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990542380572004=p%2FH4MM1mNT6z9oloKBdSRaTyhHyaesJI1%2BV81vChzec%3D=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu=02%7C01%7CHelen_Power%40resourcepro.com%7C2575c74d7d264c4359df08d70b85fb02%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990542380572004=DRmNwUjANmBEsFZiOdUGYjp4QQHbMWMUMyWuGQZ1%2Bag%3D=0>)
 and PacketFence 
(http://packetfence.org<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org=02%7C01%7CHelen_Power%40resourcepro.com%7C2575c74d7d264c4359df08d70b85fb02%7C096fa2b2af5c42ec867e7a63ad92dc95%7C0%7C0%7C636990542380581997=qy22kF%2FT9e8qja8YAwnUjusyh32qRW1Pb%2FSvlet0itA%3D=0>)
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 
www.resourcepro.com<https://nam04.safelinks.p

Re: [PacketFence-users] Help! Cannot set administration rule "Mark as sponsor"

[Fabrice Durand via PacketFence-users]

Hello Helen,

did you applied the maintenance ?

/usr/local/pf/addons/pf-maint.pl

And refresh the admin GUI.

Regards

Fabrice


Le 19-07-18 à 09 h 02, Helen Power via PacketFence-users a écrit :


Hi All,

I try to create a AD source with “mark as sponsor” action, I got the 
error messages below. We need this function to sponsor guest 
self-registration via email.


Unable to validate /api/v1/config/source/Admin_Sponsor

Administration_rules.0.actions.0.value: Value field is required 
/api/v1/config/source/admin_sponsor


I researched and found a article 
https://github.com/inverse-inc/packetfence/issues/4597 
. However, it 
didn’t give solution. Do you know is there an alternative or a 
solution to achieve this feature?


Thank you so much for your help!

Helen

This email (including any attachments) contains confidential 
information intended for a specific individual and purpose. If you 
have received this email in error please notify the sender immediately 
and delete this e-mail. If you are not the intended recipient any 
disclosing, distributing, copying, or taking any action based on this 
e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 42nd Street, 
Suite 1500 New York, NY 10165 www.resourcepro.com



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help! Cannot set administration rule "Mark as sponsor"

[Helen Power via PacketFence-users]

Hi All,

I try to create a AD source with "mark as sponsor" action, I got the error 
messages below. We need this function to sponsor guest self-registration via 
email.

Unable to validate /api/v1/config/source/Admin_Sponsor
Administration_rules.0.actions.0.value: Value field is required 
/api/v1/config/source/admin_sponsor
[cid:image001.png@01D53D3F.2B08F920]

I researched and found a article 
https://github.com/inverse-inc/packetfence/issues/4597. However, it didn't give 
solution. Do you know is there an alternative or a solution to achieve this 
feature?

Thank you so much for your help!

Helen
This email (including any attachments) contains confidential information 
intended for a specific individual and purpose. If you have received this email 
in error please notify the sender immediately and delete this e-mail. If you 
are not the intended recipient any disclosing, distributing, copying, or taking 
any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 
42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help - "Your computer was not found in Packetfence database"

[Helen Power via PacketFence-users]

Hi All,

I just installed packetfence v9.0.1 on Azure VM and use web-auth mode for all 
the Wi-Fi guest access. However, when  the laptop connects to the Wi-Fi signal, 
the captive portal will show "an error occurred. Your computer was not found in 
the packetfence database. Please reboot to solve this issue. " We have the same 
setup Packetfence server v6 on production. When I point my Cisco WLC2504 to the 
production server, the captive portal redirect fine. However, it's just not 
working with v9.0.1. Would you please share some thoughts on what may cause the 
issue?

Here are some logs & configuration for your references:

Pf.conf:

# general.domain
#
# Domain name of PacketFence system.
domain=x.x.com
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in 
Apache rewriting rules and therefore must be resolvable by clients.
hostname=PFence
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow DHCP 
transactions from even "trapped" nodes.
dhcpservers=10.20.20.Z,127.0.0.1
#
# general.timezone
#
# System's timezone in string format. List generated from Perl library 
DateTime::TimeZone
# When left empty, it will use the timezone of the server
timezone=America/Chicago

[network]
#
# network.dhcp_process_ipv6
#
# Enable/disable ipv6 dhcp packets processing by pfdhcplistener.
dhcp_process_ipv6=disabled

[fencing]
#
# fencing.range
#
# Comma-delimited list of address ranges/CIDR blocks that Snort/Suricata will 
monitor/detect/trap on.  Gateway, network, and
# broadcast addresses are ignored.
range=172.25.0.0/16
#
# fencing.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and 
add them in the ipset session to give access
# to trapped devices. Don´t forget to enable ip_forward on your server.
passthrough=disabled


[guests_admin_registration]
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
default_access_duration=5D

[alerting]
#
# alerting.emailaddr
#
# Comma-delimited list of email addresses to which notifications of rogue DHCP 
servers, security_events with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=hele...@x.com
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr.  The default is 
localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=mail.x.com

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this parameter 
after the initial configuration will *not* change it in the database it self, 
only in the configuration.
pass=password

[services]
#
# services.pfdhcp
#
# Should pfdhcp be managed by PacketFence?
pfdhcp=disabled
#
# services.routes
#
# Should routes be managed by PacketFence?
routes=disabled
# services.tc
#
# Should tc be managed by PacketFence?
tc=disabled

[snmp_traps]
#
# snmp_traps.trap_limit_action
#
# Action that PacketFence will take if the snmp_traps.trap_limit_threshold is 
reached.
# Defaults to none. email will send an email every hour if the limit's still 
reached.
# shut will shut the port on the switch and will also send an email even if 
email is not
# specified.
trap_limit_action=email

[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the 
common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine 
where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server 
and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=40.118.248.211
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled
#
# captive_portal.rate_limiting
#
# Temporarily deny access to a user that performs too many requests on the 
captive portal on invalid URLs
rate_limiting=disabled

[advanced]
#
# advanced.portal_csp_security_headers
#
# Enforce Content-Security-Policy (CSP) HTTP response header in the captive 
portal interface
#
portal_csp_security_headers=disabled
# advanced.sso_on_dhcp
#
# Trigger Single-Sign-On (Firewall SSO) on dhcp
sso_on_dhcp=disabled
#
# advanced.hash_passwords
#
# The algorithm to use to hash the passwords in the local database.
hash_passwords=plaintext

[interface eth0]
ip=172.16.101.25
type=management,portal
mask=255.255.255.240


Packetfence. Log: \\204.237.167.X is the guest mapped IP 
address.

Jul 16 14:29:49 PFence pfhttpd: 16/Jul/2019:14:29:49 + [ERROR 502 
/api/v1/dhcp/stats] dial tcp 127.0.0.1:2: getsockopt: connection refused
Jul 

[PacketFence-users] Help with certificate error after upgrade

[Truax, Peter via PacketFence-users]

Hi All,

We just upgraded from 8.1 to 9.1 ( and all the steps in between). Everything is 
operational as far as registering, authenticating and accessing network 
resources. But, when I try to click on the SSL Certificates link in the new 
admin GUI under Configuration - System Configuration - SSL Certificates, it 
gives the following error:

Failed to parse server certificate
/api/v1/config/certificate/http/info

Anyone know where I can fix this? We have only one set of .crt, .key and .pem 
files installed under /usr/local/pf/conf/ssl and they match the names given in 
/usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf. I am not sure where 
./api/v1/config/ is on the file system. When we installed the system, we kept 
the default names, and renamed our own wildcard certificate.

Regards,

Peter Truax
Network Administrator
(360) 688-2240
Saint Martin's University
5000 Abbey Way E
Lacey, WA 98503

[cid:image001.png@01D530BE.7C5D33A0]

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help developing perl module for FiberStore Switchs

[Durand fabrice via PacketFence-users]

Hello Adrian,

so you should at least create a specific module for the FiberStone in 
order to have it listed in the admin gui.


So it will be really easy:

in lib/pf/Switch/ create a file FiberStone.pm with a content like that 
(rename IBM by FiberStone):

https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/IBM.pm

and instead of:

use base ('pf::Switch');

replace by that:

use base ('pf::Generic');

Then do a pull request with you switch module.

Regards

Fabrice


Le 19-04-08 à 11 h 11, Adrian Dessaigne via PacketFence-users a écrit :

Hello Fabrice

I've done some test with the SNMP and the FiberStore switch. Good 
news, the vlan assignement work (from regsitration vlan to production 
after authentication).
Then I've set the death methode to SNMP, reevaluate the access of the 
device and it worked.

I've tryed to reboot the switch port from node tab, worked too !

Do you want the MIB Files or is it enought to program the module ?

Best regards

Adrian


*De: *"packetfence-users" 
*À: *"packetfence-users" 
*Cc: *"Durand fabrice" 
*Envoyé: *Lundi 1 Avril 2019 03:33:44
*Objet: *Re: [PacketFence-users] Help developing perl module for 
FiberStore Switchs


Hello Adrian,

first try with the generic swiitch module to see if you are able to set
a vlan on a radius reply.

Then configure the snmp on the switch and choose snmp as deauth method
and try to reevaluate the access of the device (from node tab).

If the vlan change then the generic switch module will be a good
starting point.

Regards

Fabrice




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help developing perl module for FiberStore Switchs

[Adrian Dessaigne via PacketFence-users]

Hello Nicoals, 

You're right. At this point I don't think developing a specific module is 
needed. However, I think we can now add this switch (FiberStore S3500-48T4S) 
into the compatiblity list. 

Best regards, 

Adrian 


De: "packetfence-users"  
À: "packetfence-users"  
Cc: "Nicolas Quiniou-Briand"  
Envoyé: Mardi 9 Avril 2019 13:24:08 
Objet: Re: [PacketFence-users] Help developing perl module for FiberStore 
Switchs 

Hello Adrian, 

On 2019-04-08 5:11 p.m., Adrian Dessaigne via PacketFence-users wrote: 
> Do you want the MIB Files or is it enought to program the module ? 

If the generic module do the job, why do you want to develop a specific 
module ? 

-- 
Nicolas Quiniou-Briand 
n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca 
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org) 


___ 
PacketFence-users mailing list 
PacketFence-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/packetfence-users 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help developing perl module for FiberStore Switchs

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Adrian,

On 2019-04-08 5:11 p.m., Adrian Dessaigne via PacketFence-users wrote:

Do you want the MIB Files or is it enought to program the module ?


If the generic module do the job, why do you want to develop a specific 
module ?


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help developing perl module for FiberStore Switchs

[Adrian Dessaigne via PacketFence-users]

Hello Fabrice 

I've done some test with the SNMP and the FiberStore switch. Good news, the 
vlan assignement work (from regsitration vlan to production after 
authentication). 
Then I've set the death methode to SNMP, reevaluate the access of the device 
and it worked. 
I've tryed to reboot the switch port from node tab, worked too ! 

Do you want the MIB Files or is it enought to program the module ? 

Best regards 

Adrian 


De: "packetfence-users"  
À: "packetfence-users"  
Cc: "Durand fabrice"  
Envoyé: Lundi 1 Avril 2019 03:33:44 
Objet: Re: [PacketFence-users] Help developing perl module for FiberStore 
Switchs 

Hello Adrian, 

first try with the generic swiitch module to see if you are able to set 
a vlan on a radius reply. 

Then configure the snmp on the switch and choose snmp as deauth method 
and try to reevaluate the access of the device (from node tab). 

If the vlan change then the generic switch module will be a good 
starting point. 

Regards 

Fabrice 


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help developing perl module for FiberStore Switchs

[Durand fabrice via PacketFence-users]

Hello Adrian,

first try with the generic swiitch module to see if you are able to set 
a vlan on a radius reply.


Then configure the snmp on the switch and choose snmp as deauth method 
and try to reevaluate the access of the device (from node tab).


If the vlan change then the generic switch module will be a good 
starting point.


Regards

Fabrice


Le 19-03-31 à 10 h 02, Adrian Dessaigne via PacketFence-users a écrit :

Hello,

I plan to implement a PacketFence solution for customer. I already made a model 
with a cisco 2960 with an Active Directory and VLAN assignement. Everything 
worked fine.
However, the client has an infrastructure based on FiberStore S3900 Series 
switches and I know that FiberStore's switchs are not listed in the supported 
network devices list.

I've asked him if I could get one of his spare switch in order to test if at 
least, this switch work for a basic Radius configuration. I've tested with 
FreeRadius alone and with PacketFence, both result were successful. However, I 
need PacketFence to work as VLAN enforcement and Radius so the switch can 
manage users VLAN after authentication.
I do not have the skills to develop a perl module and I just know something 
about SNMP. Is it possible to have help in order to develop a perl module to 
make PacketFence compatible with Fiberstore S3900 switches? I have the MIB file.

After the development, could we integrate this module for the next version of 
PacketFence?

Best Regards,

Adrian


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help developing perl module for FiberStore Switchs

[Adrian Dessaigne via PacketFence-users]

Hello, 

I plan to implement a PacketFence solution for customer. I already made a model 
with a cisco 2960 with an Active Directory and VLAN assignement. Everything 
worked fine. 
However, the client has an infrastructure based on FiberStore S3900 Series 
switches and I know that FiberStore's switchs are not listed in the supported 
network devices list. 

I've asked him if I could get one of his spare switch in order to test if at 
least, this switch work for a basic Radius configuration. I've tested with 
FreeRadius alone and with PacketFence, both result were successful. However, I 
need PacketFence to work as VLAN enforcement and Radius so the switch can 
manage users VLAN after authentication. 
I do not have the skills to develop a perl module and I just know something 
about SNMP. Is it possible to have help in order to develop a perl module to 
make PacketFence compatible with Fiberstore S3900 switches? I have the MIB 
file. 

After the development, could we integrate this module for the next version of 
PacketFence? 

Best Regards, 

Adrian


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help Required Regarding Upgrading Packetfence 3.6.1 to Latest Release

[Murilo Calegari via PacketFence-users]

Hi, Ahmad,

Please, read these docs:

https://github.com/inverse-inc/packetfence/blob/devel/UPGRADE.asciidoc

Notice that:

Upgrade notes for a given upgrade path are cumulative. That is to say, if
you are upgrading from version 5.3 to version 6.0 you must apply in order
all changes in between the two versions, including database schema changes.

But:

Upgrading an old version of PacketFence to v4 will be quite an endeavor.
While it’s entirely possible if done meticulously, we suggest you start
from scratch and move your customizations and nodes information over to
your new installation.

Hope this might help you!

Regards,

Murilo

Em sex, 21 de dez de 2018 01:49, Manzoor Ahmad via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:

> Respected All,
>
> Would anyone help me in subject mentioned issue? We are running some old
> release (3.6.1) of Packetfence and now want to upgrade but not from scratch
> (because of the large database). Guidance required in this regard.
>
> Many thanks in advance.
>
>
> Regards,
> Ahmad
>
>
>
>
>
> --
>
> Disclaimer: This email and any attachments may contain confidential
> material and is solely for the use of the intended recipient(s). If you
> have received this email in error, please notify the sender immediately and
> delete this email. If you are not the intended recipient(s), you must not
> use, retain or disclose any information contained in this email. Any views
> or opinions are solely those of the sender and do not necessarily represent
> those of National Centre for Physics (NCP). NCP does accept responsibility
> for any errors or omissions that are present in the message, or any
> attachment, that have arisen as a result of email transmission.
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help Required Regarding Upgrading Packetfence 3.6.1 to Latest Release

[Manzoor Ahmad via PacketFence-users]

Respected All,

Would anyone help me in subject mentioned issue? We are running some old 
release (3.6.1) of Packetfence and now want to upgrade but not from scratch 
(because of the large database). Guidance required in this regard.

Many thanks in advance.


Regards,
Ahmad







Disclaimer: This email and any attachments may contain confidential material 
and is solely for the use of the intended recipient(s). If you have received 
this email in error, please notify the sender immediately and delete this 
email. If you are not the intended recipient(s), you must not use, retain or 
disclose any information contained in this email. Any views or opinions are 
solely those of the sender and do not necessarily represent those of National 
Centre for Physics (NCP). NCP does accept responsibility for any errors or 
omissions that are present in the message, or any attachment, that have arisen 
as a result of email transmission.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help

[Caique Araujo via PacketFence-users]

Hello Fabrice,
>
> The configuration of my switch is marked as that option EXTERNAL PORTAL
> ENFORCEMENT, and when I try to make the connection with the packetfence I
> get the error in the attachment name: Error1 in attachment.
> When the EXTERNAL PORTAL ENFORCEMENT Option is unchecked, it displays the
> connection error, but no internet access, as per Attachment Error2.
>
> Can there be any relation not to make the captive portal available?
>
> Em qui, 6 de dez de 2018 às 22:31, Durand fabrice via PacketFence-users <
> packetfence-users@lists.sourceforge.net> escreveu:
>
>> Hello Cousin,
>>
>> the error message is not related to your issue.
>>
>> do you have more log from packetfence.log file and from
>> httpd.portal.access when you connect your device to the ssid ?
>>
>> Thanks
>>
>> Fabrice
>>
>>
>> Le 18-12-06 à 11 h 20, Caique Araujo via PacketFence-users a écrit :
>>
>> Brother,
>>
>> I am deploying the Packetfence networking team with version 8.2. The type
>> of configuration is web-auth ...
>>
>> What happens is that we have a physical topology, with the following ICs:
>> Packetfence Server, WiSM System (AP Controller) and FortiGate Firewall.
>>
>> Firewall is the DHCP server for the Visitors network, which sends IP
>> information, mask, gateway, and external DNS servers to the network.
>>
>> WiSM controls the SSID of the Visitors Network and acts as a bridge to
>> Firewall and Packetfence and controls the ACLs for authentication access or
>> redirect.
>>
>> My problem is this, when I try to authenticate by mobile access, the
>> firewall delivers all the information, however, packetfence should give me
>> a captive portal and a NOT IMPLEMENTED error!
>>
>> In the logs it displays the following message:
>>
>> pfhttpd: 06/Dec/2018:14:14:37 -0200 [ERROR 502 /api/v1/dhcp/stats] dial
>> tcp 127.0.0.1:2: getsockopt: connection refused
>>
>>
>>
>> --
>> Atenciosamente,
>> Caique Araujo
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
> --
> Atenciosamente,
> Caique Araujo
>


-- 
Atenciosamente,
Caique Araujo
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help

[Caique Araujo via PacketFence-users]

Hello Francis,

The configuration of my switch is marked as that option EXTERNAL PORTAL
ENFORCEMENT, and when I try to make the connection with the packetfence I
get the error in the attachment name: Error1 in attachment.
When the EXTERNAL PORTAL ENFORCEMENT Option is unchecked, it displays the
connection error, but no internet access, as per Attachment Error2.

Can there be any relation not to make the captive portal available?

Em qui, 6 de dez de 2018 às 22:31, Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> escreveu:

> Hello Cousin,
>
> the error message is not related to your issue.
>
> do you have more log from packetfence.log file and from
> httpd.portal.access when you connect your device to the ssid ?
>
> Thanks
>
> Fabrice
>
>
> Le 18-12-06 à 11 h 20, Caique Araujo via PacketFence-users a écrit :
>
> Brother,
>
> I am deploying the Packetfence networking team with version 8.2. The type
> of configuration is web-auth ...
>
> What happens is that we have a physical topology, with the following ICs:
> Packetfence Server, WiSM System (AP Controller) and FortiGate Firewall.
>
> Firewall is the DHCP server for the Visitors network, which sends IP
> information, mask, gateway, and external DNS servers to the network.
>
> WiSM controls the SSID of the Visitors Network and acts as a bridge to
> Firewall and Packetfence and controls the ACLs for authentication access or
> redirect.
>
> My problem is this, when I try to authenticate by mobile access, the
> firewall delivers all the information, however, packetfence should give me
> a captive portal and a NOT IMPLEMENTED error!
>
> In the logs it displays the following message:
>
> pfhttpd: 06/Dec/2018:14:14:37 -0200 [ERROR 502 /api/v1/dhcp/stats] dial
> tcp 127.0.0.1:2: getsockopt: connection refused
>
>
>
> --
> Atenciosamente,
> Caique Araujo
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>


-- 
Atenciosamente,
Caique Araujo
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help

[Durand fabrice via PacketFence-users]

Hello Cake,

it looks to be an issue with the switch configuration, can you share the 
switches.conf file ?


Regards

Fabrice

Le 18-12-10 à 10 h 23, Caique Araujo a écrit :

Hello Francis,

The configuration of my switch is marked as that option EXTERNAL 
PORTAL ENFORCEMENT, and when I try to make the connection with the 
packetfence I get the error in the attachment name: Error1 in attachment.
When the EXTERNAL PORTAL ENFORCEMENT Option is unchecked, it displays 
the connection error, but no internet access, as per Attachment Error2.


Can there be any relation not to make the captive portal available?

Em qui, 6 de dez de 2018 às 22:31, Durand fabrice via 
PacketFence-users > escreveu:


Hello Cousin,

the error message is not related to your issue.

do you have more log from packetfence.log file and from
httpd.portal.access when you connect your device to the ssid ?

Thanks

Fabrice


Le 18-12-06 à 11 h 20, Caique Araujo via PacketFence-users a écrit :

Brother,

I am deploying the Packetfence networking team with version 8.2.
The type of configuration is web-auth ...

What happens is that we have a physical topology, with the
following ICs: Packetfence Server, WiSM System (AP Controller)
and FortiGate Firewall.

Firewall is the DHCP server for the Visitors network, which sends
IP information, mask, gateway, and external DNS servers to the
network.

WiSM controls the SSID of the Visitors Network and acts as a
bridge to Firewall and Packetfence and controls the ACLs for
authentication access or redirect.

My problem is this, when I try to authenticate by mobile access,
the firewall delivers all the information, however, packetfence
should give me a captive portal and a NOT IMPLEMENTED error!

In the logs it displays the following message:

pfhttpd: 06/Dec/2018:14:14:37 -0200 [ERROR 502
/api/v1/dhcp/stats] dial tcp 127.0.0.1:2
: getsockopt: connection refused



-- 
Atenciosamente,

Caique Araujo


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net  

https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Atenciosamente,
Caique Araujo
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help

[Durand fabrice via PacketFence-users]

Hello Cousin,

the error message is not related to your issue.

do you have more log from packetfence.log file and from 
httpd.portal.access when you connect your device to the ssid ?


Thanks

Fabrice


Le 18-12-06 à 11 h 20, Caique Araujo via PacketFence-users a écrit :

Brother,

I am deploying the Packetfence networking team with version 8.2. The 
type of configuration is web-auth ...


What happens is that we have a physical topology, with the following 
ICs: Packetfence Server, WiSM System (AP Controller) and FortiGate 
Firewall.


Firewall is the DHCP server for the Visitors network, which sends IP 
information, mask, gateway, and external DNS servers to the network.


WiSM controls the SSID of the Visitors Network and acts as a bridge to 
Firewall and Packetfence and controls the ACLs for authentication 
access or redirect.


My problem is this, when I try to authenticate by mobile access, the 
firewall delivers all the information, however, packetfence should 
give me a captive portal and a NOT IMPLEMENTED error!


In the logs it displays the following message:

pfhttpd: 06/Dec/2018:14:14:37 -0200 [ERROR 502 /api/v1/dhcp/stats] 
dial tcp 127.0.0.1:2 : getsockopt: 
connection refused




--
Atenciosamente,
Caique Araujo


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] help

[Caique Araujo via PacketFence-users]

Brother,

I am deploying the Packetfence networking team with version 8.2. The type
of configuration is web-auth ...

What happens is that we have a physical topology, with the following ICs:
Packetfence Server, WiSM System (AP Controller) and FortiGate Firewall.

Firewall is the DHCP server for the Visitors network, which sends IP
information, mask, gateway, and external DNS servers to the network.

WiSM controls the SSID of the Visitors Network and acts as a bridge to
Firewall and Packetfence and controls the ACLs for authentication access or
redirect.

My problem is this, when I try to authenticate by mobile access, the
firewall delivers all the information, however, packetfence should give me
a captive portal and a NOT IMPLEMENTED error!

In the logs it displays the following message:

pfhttpd: 06/Dec/2018:14:14:37 -0200 [ERROR 502 /api/v1/dhcp/stats] dial tcp
127.0.0.1:2: getsockopt: connection refused



-- 
Atenciosamente,
Caique Araujo
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help please ! Captive portal errors "Your computer was not found in Packetfence database"

[dev--- via PacketFence-users]

After trying everything, I finaly went for an "apt-get install 
--reinstall packetfence" ; everything seems to work better now, I will 
see if it remains so (a simple reboot previously had seemingly restored 
the situation this morning, but lasted only for few minutes). Maybe I 
should not have done the patch install yesterday (pf-maint.pl) ; but I 
had some instabilities I was hopeful it would resolve. Lessons learned : 
never update the day before a big event...


Still no idea for the crash reason. I keep investigating. Any idea is 
welcome :)



On 2018-09-26 13:21, dev--- via PacketFence-users wrote:

Hi !

We recently set up a production packetfence within our non profit
organisation ; it worked fine untill this morning.
Right now we are having a big event... and nothing works any more.
Murphy's law I guess :)

We are configured with inline configuration on a zen image / with 8.1
and latests patches (from yesterday).

When (any user, registered or not yet) tries to connect, they get an
error on our captive portal "Your comouter was not found in the packet
fence database. Please reboot to solve issue" (which doesn't help.

pfdhcplistener.log is empty today (plenty of things yesterday)

packetfence.log has the following messages :
Sep 26 13:15:55 wifi pfdhcp[2524]: t=2018-09-26T13:15:55-0400 lvl=info
msg="DHCPREQUEST for 192.168.112.123 from 24:f0:94:0d:f7:8d (iPhone)"
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:15:55 wifi pfdhcp[2524]: t=2018-09-26T13:15:55-0400 lvl=info
msg="DHCPACK on 192.168.112.123 to 24:f0:94:0d:f7:8d (iPhone)"
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
WARN: [mac:unknown] Unable to match MAC address to IP
'192.168.112.131' (pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
ERROR: [mac:unknown] Error while setting locale to fr_FR.utf8. Is the
locale generated on your system?
(pf::Portal::Session::_initializeI18n)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
WARN: [mac:unknown] Unable to match MAC address to IP
'192.168.112.123' (pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
WARN: [mac:0] Unable to match MAC address to IP '192.168.112.131'
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
ERROR: [mac:0] Error while setting locale to fr_FR.utf8. Is the locale
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
WARN: [mac:0] Unable to match MAC address to IP '192.168.112.123'
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
INFO: [mac:0] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
ERROR: [mac:0] Error while setting locale to fr_FR.utf8. Is the locale
generated on your system?
(captiveportal::PacketFence::Controller::Root::setupLanguage)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
ERROR: [mac:0] Error while communicating with the Fingerbank
collector. 500 Can't connect to 127.0.0.1:4723
(pf::fingerbank::endpoint_attributes)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
WARN: [mac:0] Use of uninitialized value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm
line 137.
 
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)

Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561)
ERROR: [mac:0] Error while communicating with the Fingerbank
collector. 500 Can't connect to 127.0.0.1:4723
(pf::fingerbank::update_collector_endpoint_data)
Sep 26 13:15:57 wifi pfqueue: pfqueue(3825) ERROR: [mac:unknown] Error
while communicating with the Fingerbank collector. 500 Can't connect
to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Sep 26 13:15:57 wifi pfqueue: pfqueue(3825) ERROR: [mac:unknown]
Unable to fetch query arguments for Fingerbank query. Aborting.
(pf::fingerbank::process)
Sep 26 13:16:02 wifi pfdhcp[2524]: t=2018-09-26T13:16:02-0400 lvl=info
msg="DHCPREQUEST for 192.168.112.123 from 24:f0:94:0d:f7:8d (iPhone)"
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:16:02 wifi pfdhcp[2524]: t=2018-09-26T13:16:02-0400 lvl=info
msg="DHCPACK on 192.168.112.123 to 24:f0:94:0d:f7:8d (iPhone)"
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560)
WARN: [mac:unknown] Unable to match MAC address to IP
'192.168.112.131' (pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560)
ERROR: [mac:unknown] Error while setting locale to fr_FR.utf8. Is the
locale generated on your system?
(pf::Portal::Session::_initializeI18n)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560)
WARN: [mac:unknown] Unable to match MAC address to IP
'192.168.112.123' (pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: 

[PacketFence-users] Help ! Captive portal errors "Your computer was not found in Packetfence database"

[dev--- via PacketFence-users]

Hi !

We recently set up a production packetfence within our non profit 
organisation ; it worked fine untill this morning.
Right now we are having a big event... and nothing works any more. 
Murphy's law I guess :)


We are configured with inline configuration on a zen image / with 8.1 
and latests patches (from yesterday).


When (any user, registered or not yet) tries to connect, they get an 
error on our captive portal "Your comouter was not found in the packet 
fence database. Please reboot to solve issue" (which doesn't help.


pfdhcplistener.log is empty today (plenty of things yesterday)

packetfence.log has the following messages :
Sep 26 13:15:55 wifi pfdhcp[2524]: t=2018-09-26T13:15:55-0400 lvl=info 
msg="DHCPREQUEST for 192.168.112.123 from 24:f0:94:0d:f7:8d (iPhone)" 
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:15:55 wifi pfdhcp[2524]: t=2018-09-26T13:15:55-0400 lvl=info 
msg="DHCPACK on 192.168.112.123 to 24:f0:94:0d:f7:8d (iPhone)" pid=2524 
mac=24:f0:94:0d:f7:8d
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:unknown] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) INFO: 
[mac:0] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? 
(captiveportal::PacketFence::Controller::Root::setupLanguage)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while communicating with the Fingerbank collector. 500 
Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:0] Use of uninitialized value in string ne at 
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm 
line 137.
 
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while communicating with the Fingerbank collector. 500 
Can't connect to 127.0.0.1:4723 
(pf::fingerbank::update_collector_endpoint_data)
Sep 26 13:15:57 wifi pfqueue: pfqueue(3825) ERROR: [mac:unknown] Error 
while communicating with the Fingerbank collector. 500 Can't connect to 
127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Sep 26 13:15:57 wifi pfqueue: pfqueue(3825) ERROR: [mac:unknown] Unable 
to fetch query arguments for Fingerbank query. Aborting. 
(pf::fingerbank::process)
Sep 26 13:16:02 wifi pfdhcp[2524]: t=2018-09-26T13:16:02-0400 lvl=info 
msg="DHCPREQUEST for 192.168.112.123 from 24:f0:94:0d:f7:8d (iPhone)" 
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:16:02 wifi pfdhcp[2524]: t=2018-09-26T13:16:02-0400 lvl=info 
msg="DHCPACK on 192.168.112.123 to 24:f0:94:0d:f7:8d (iPhone)" pid=2524 
mac=24:f0:94:0d:f7:8d
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) ERROR: 
[mac:unknown] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) ERROR: 
[mac:0] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) INFO: 
[mac:0] Instantiate profile 

[PacketFence-users] Help please ! Captive portal errors "Your computer was not found in Packetfence database"

[dev--- via PacketFence-users]

Hi !

We recently set up a production packetfence within our non profit 
organisation ; it worked fine untill this morning.
Right now we are having a big event... and nothing works any more. 
Murphy's law I guess :)


We are configured with inline configuration on a zen image / with 8.1 
and latests patches (from yesterday).


When (any user, registered or not yet) tries to connect, they get an 
error on our captive portal "Your comouter was not found in the packet 
fence database. Please reboot to solve issue" (which doesn't help.


pfdhcplistener.log is empty today (plenty of things yesterday)

packetfence.log has the following messages :
Sep 26 13:15:55 wifi pfdhcp[2524]: t=2018-09-26T13:15:55-0400 lvl=info 
msg="DHCPREQUEST for 192.168.112.123 from 24:f0:94:0d:f7:8d (iPhone)" 
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:15:55 wifi pfdhcp[2524]: t=2018-09-26T13:15:55-0400 lvl=info 
msg="DHCPACK on 192.168.112.123 to 24:f0:94:0d:f7:8d (iPhone)" pid=2524 
mac=24:f0:94:0d:f7:8d
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:unknown] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) INFO: 
[mac:0] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? 
(captiveportal::PacketFence::Controller::Root::setupLanguage)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while communicating with the Fingerbank collector. 500 
Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) WARN: 
[mac:0] Use of uninitialized value in string ne at 
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm 
line 137.
 
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Sep 26 13:15:57 wifi packetfence_httpd.portal: httpd.portal(1561) ERROR: 
[mac:0] Error while communicating with the Fingerbank collector. 500 
Can't connect to 127.0.0.1:4723 
(pf::fingerbank::update_collector_endpoint_data)
Sep 26 13:15:57 wifi pfqueue: pfqueue(3825) ERROR: [mac:unknown] Error 
while communicating with the Fingerbank collector. 500 Can't connect to 
127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Sep 26 13:15:57 wifi pfqueue: pfqueue(3825) ERROR: [mac:unknown] Unable 
to fetch query arguments for Fingerbank query. Aborting. 
(pf::fingerbank::process)
Sep 26 13:16:02 wifi pfdhcp[2524]: t=2018-09-26T13:16:02-0400 lvl=info 
msg="DHCPREQUEST for 192.168.112.123 from 24:f0:94:0d:f7:8d (iPhone)" 
pid=2524 mac=24:f0:94:0d:f7:8d
Sep 26 13:16:02 wifi pfdhcp[2524]: t=2018-09-26T13:16:02-0400 lvl=info 
msg="DHCPACK on 192.168.112.123 to 24:f0:94:0d:f7:8d (iPhone)" pid=2524 
mac=24:f0:94:0d:f7:8d
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) ERROR: 
[mac:unknown] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:unknown] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.131' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) ERROR: 
[mac:0] Error while setting locale to fr_FR.utf8. Is the locale 
generated on your system? (pf::Portal::Session::_initializeI18n)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) WARN: 
[mac:0] Unable to match MAC address to IP '192.168.112.123' 
(pf::ip4log::ip2mac)
Sep 26 13:16:07 wifi packetfence_httpd.portal: httpd.portal(1560) INFO: 
[mac:0] Instantiate profile 

Re: [PacketFence-users] Help - Issue "You made too many requests for this resource"

[Nguyễn Bảo Lộc via PacketFence-users]

Hi Fabrice,

Now, I clear on this.
Thanks for your support :-)

On Wed, Aug 15, 2018 at 8:01 AM Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello  Bảo Lộc,
>
> if you have this message it mean than you reach the limit of 300 request
> per hour.
>
> And the count will be clear each hours.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-08-14 à 02:07, Nguyễn Bảo Lộc via PacketFence-users a écrit :
>
> Hi Fabrice,
>
> Thanks for your answer :)
> I think, I don't need more than 300/h but Can I clear cache all of request
> on api.fingerbank.com?
>
> Best Regards,
>
>
> On Tue, Aug 14, 2018 at 8:22 AM Durand fabrice via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Bảo Lộc,
>>
>> fingerbank requests are limited to 300/h so if you need more you can
>> subscribe to a support contract.
>>
>> Regards
>>
>> Fabrice
>>
>> Le 2018-08-13 à 06:19, Nguyễn Bảo Lộc via PacketFence-users a écrit :
>>
>> Hi Guys,
>>
>> Could you help me on this issue? Please see attachment for more details
>>
>> Best Regards,
>> Loc
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help - Issue "You made too many requests for this resource"

[Nguyễn Bảo Lộc via PacketFence-users]

Hi Fabrice,

Thanks for your answer :)
I think, I don't need more than 300/h but Can I clear cache all of request
on api.fingerbank.com?

Best Regards,


On Tue, Aug 14, 2018 at 8:22 AM Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Bảo Lộc,
>
> fingerbank requests are limited to 300/h so if you need more you can
> subscribe to a support contract.
>
> Regards
>
> Fabrice
>
> Le 2018-08-13 à 06:19, Nguyễn Bảo Lộc via PacketFence-users a écrit :
>
> Hi Guys,
>
> Could you help me on this issue? Please see attachment for more details
>
> Best Regards,
> Loc
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help - Issue "You made too many requests for this resource"

[Durand fabrice via PacketFence-users]

Hello Bảo Lộc,

fingerbank requests are limited to 300/h so if you need more you can 
subscribe to a support contract.


Regards

Fabrice


Le 2018-08-13 à 06:19, Nguyễn Bảo Lộc via PacketFence-users a écrit :

Hi Guys,

Could you help me on this issue? Please see attachment for more details

Best Regards,
Loc


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help - Issue "You made too many requests for this resource"

[Nguyễn Bảo Lộc via PacketFence-users]

Hi Guys,

Could you help me on this issue? Please see attachment for more details

Best Regards,
Loc
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help installing PacketFence - Cannot access PacketFence server

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Bram,

On 2018-07-25 09:59 AM, Bram Wittendorp wrote:


I will look in to this further, but if anyone has a suggestion I'm welcome to 
hear it!


You can try to use `tcpdump` with -e option on PF to see if you receive 
tags.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help installing PacketFence - Cannot access PacketFence server

[Bram Wittendorp via PacketFence-users]

Hi Nicolas



Yes I've setup a management interface. 



I think I've found the issue, it seems to be in VLAN Tagging and using 802.1q 
in VMWare ESXi. I've set this up but I have the feeling VMWare isn't handeling 
the tagged traffic properly. The VM for PacketFence has a port group with 
VLAN-ID 4095 which should let the VLAN-tagging be used on the host. But I can 
only access the host on the untagged interface, not on any of the tagged 
VLAN-interfaces. 



I will look in to this further, but if anyone has a suggestion I'm welcome to 
hear it! 



Met vriendelijke groet,

 

Bram Wittendorp

Netwerk-/Systeembeheerder | RTV Drenthe 
 

 

t: 0592 – 304 693  

e: b.wittend...@rtvdrenthe.nl

 

  

Beilerstraat 30, Assen 

Postbus 999, 9400 AZ Assen

t: 0592-338080

www.rtvdrenthe.nl 

 



Op 25-07-18 15:47 heeft Nicolas Quiniou-Briand via PacketFence-users 
 geschreven:



Hello Bram and Jay,



Have you define a management interface at step 2 in configurator as 

explained in PacketFence Installation Guide :




https://packetfence.org/doc/PacketFence_Installation_Guide.html#_going_through_the_configurator



?



You can check in /usr/local/pf/conf/pf.conf.

-- 

Nicolas Quiniou-Briand

n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca

Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 

(https://packetfence.org) and Fingerbank (http://fingerbank.org)




--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot

___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help installing PacketFence - Cannot access PacketFence server

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Bram and Jay,

Have you define a management interface at step 2 in configurator as 
explained in PacketFence Installation Guide :


https://packetfence.org/doc/PacketFence_Installation_Guide.html#_going_through_the_configurator

?

You can check in /usr/local/pf/conf/pf.conf.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

I just created an issue to take into account your remarks :

https://github.com/inverse-inc/packetfence/issues/3413

Feel free to comment or add your proposals.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help installing PacketFence - Cannot access PacketFence server

[Jay Hauss via PacketFence-users]

 

Hey Bram,

 

I've encountered the same problem when prototyping/testing Packetfence and have a temporary workaround. This is definitely not something that would be used in production but will help you get going for the time being and maybe lead to a solution.

 

I've found that the PacketFence iptables service is what prevented me from doing any sort of management with the web interface. The Packetfence IPTables does not block ICMP which would explain why your pings are functional.

 

Run:
/usr/local/pf/bin/pfcmd service iptables status

If it's running, try stopping it:

 

/usr/local/pf/bin/pfcmd service iptables stop


 

And see if you can access the Web Interface.

 

This has worked for me but I haven't yet figured out how I'll modify the iptables.conf file to allow the service to run and still be accessible.

 

If anybody knows that'd help !

 

More info about pfcmd: https://packetfence.org/doc/PacketFence_Installation_Guide.html#_pfcmd

 

Hope it helps

 


Sent: Tuesday, July 24, 2018 at 10:27 AM
From: "Bram Wittendorp via PacketFence-users" 
To: "Delta via PacketFence-users" 
Cc: "Bram Wittendorp" 
Subject: [PacketFence-users] Help installing PacketFence - Cannot access PacketFence server




Hi everyone, 

 

Maybe some of you have had a similar issue while installing PacketFence: 

 

I’ve done a clean install of CentOS 7 in VMWare ESXi, I’ve created a new VM-Network with VLAN 4095 in order to supply all VLAN on the vSwitch towards the PacketFence server.

 

After going through the initial configuration wizard and creating the VLANs I’ve lost my connectivity towards the webinterface or SSH. I can access the VM through VMWare Remote Console, and I verified network connectivity from that VM: I can ping


	My own workstation
	The Coreswitch of our network
	Google Public DNS (8.8.8.8)


 

From my own workstation I can only ping the default (non-VLAN interface) of the Virtual Machine, however I cannot use SSH or anything else to access the VM. 

 

I’m hoping anyone has an idea of what to look for and can give me suggestions in the right direction. 

 

Met vriendelijke groet,

 

Bram Wittendorp

Netwerk-/Systeembeheerder | RTV Drenthe  

 

t: 0592 – 304 693  

e: b.wittend...@rtvdrenthe.nl

 

  

Beilerstraat 30, Assen 

Postbus 999, 9400 AZ Assen

t: 0592-338080

www.rtvdrenthe.nl

 

-- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help installing PacketFence - Cannot access PacketFence server

[Bram Wittendorp via PacketFence-users]

Hi everyone,

Maybe some of you have had a similar issue while installing PacketFence:

I’ve done a clean install of CentOS 7 in VMWare ESXi, I’ve created a new 
VM-Network with VLAN 4095 in order to supply all VLAN on the vSwitch towards 
the PacketFence server.

After going through the initial configuration wizard and creating the VLANs 
I’ve lost my connectivity towards the webinterface or SSH. I can access the VM 
through VMWare Remote Console, and I verified network connectivity from that 
VM: I can ping

  *   My own workstation
  *   The Coreswitch of our network
  *   Google Public DNS (8.8.8.8)

From my own workstation I can only ping the default (non-VLAN interface) of the 
Virtual Machine, however I cannot use SSH or anything else to access the VM.

I’m hoping anyone has an idea of what to look for and can give me suggestions 
in the right direction.

Met vriendelijke groet,

Bram Wittendorp
Netwerk-/Systeembeheerder | RTV Drenthe

t: 0592 – 304 693
e: b.wittend...@rtvdrenthe.nl

[cid:image001.png@01D3385B.F7262D10]
Beilerstraat 30, Assen
Postbus 999, 9400 AZ Assen
t: 0592-338080
www.rtvdrenthe.nl

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help

[Jay Hauss via PacketFence-users]

I've noticed a little quirk when setting up Packetfence when you get to this step (defining passwords/setting up the database). I believe you're asking about Step 3.

 

The fields are a bit misleading and hopefully will be redone in future releases for clarification.

 

At the top there's the option to set the MySQL Root Password.

Leave it blank and hit the 'Test' button -- it should open a prompt for you to create/set a new root password.

 

Once this is complete, the dialogue box closes and now you can type the newly set password and hit 'test'. It should test as successful.


 

Now here's the little caveat -- the MySQL root password needs to be entered in this field in order to fill out the rest of the form. This is most likely why you're getting errors.

 

So with the MySQL Root password typed into the field, you should now be able to do the 'Create Database and Tables" step. You should also be able to create the 'pf' user for the database with the password you choose.

 

There's a Youtube video from an older version of PacketFence that I found, showing this step: https://youtu.be/D29SxM03F94?t=4m27s

 

Hope it helps


Sent: Tuesday, July 24, 2018 at 9:50 AM
From: "Delta via PacketFence-users" 
To: packetfence-users@lists.sourceforge.net
Cc: Delta 
Subject: [PacketFence-users] Help




Hi 

This is my first attempt at installing PacketFence. I can't get past the database configuration point. this is the error i get :

 

Error! Please verify your configuration.



 

I am using the version 8.1


Please help

OB

-- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help with Dell 3500 and PacketFence

[Truax, Peter via PacketFence-users]

Fabrice,


I got it working!



In /usr/local/pf/conf/radius/eap.conf, I set default_eap_type = md5.



Rebooted the server. Worked afterwards.



Incidentally, I used the Dell Force 10 module on these.



Regards,



Peter



From: Truax, Peter via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, January 10, 2018 8:45 AM
To: packetfence-users@lists.sourceforge.net
Cc: Truax, Peter <ptr...@stmartin.edu>
Subject: Re: [PacketFence-users] Help with Dell 3500 and PacketFence

Fabrice,

Thank you for your quick response. I disabled md5 authentication, and that did 
not work. The switch did not communicate at all with the radius server. 
Raddebug did not capture anything at all and no entries appeared in the radius 
log file. Anything else I can try?

Regards,

Peter

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, January 9, 2018 4:44 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca<mailto:fdur...@inverse.ca>>
Subject: Re: [PacketFence-users] Help with Dell 3500 and PacketFence


Hello Peter,

try to remove md5 in 
https://pf_mgmt:1443/admin/configuration#configuration/radius_authentication_methods
 as i remember the Dell switch try to negotiate md5 first.

Regards

Fabrice



Le 2018-01-09 à 19:19, Truax, Peter via PacketFence-users a écrit :

Hello,



First, I want to say that I love PacketFence! All the things it can do are 
wonderful and make my life so much easier. I am having trouble trying to get a 
Dell 3500 Switch to work with PacketFence. It is capable of performing mac auth 
bypass and dynamic VLAN assignment. Half of our wired network uses these 
devices, and we cannot upgrade to newer equipment yet.



These switches will successfully  do mac-auth-bypass and dynamic vlan 
assignment with a vanilla install of FreeRadius. They should be able to work 
with PacketFence.



Using the Dell N1500 series Switch Module, it works up to a point. I also tried 
the Dell Force 10 Switch Module as well, but with no difference.

Below are various log file snippets of relevant information.



>From Raddebug:



Jan  9 13:12:22 netreg auth[2276]: Adding client 10.10.0.130/32 with shared 
secret "xx"

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Response appears to match 
a previous request, but the EAP type is wrong

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: We expected EAP type PEAP, 
but received type MD5

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Your Supplicant or NAS is 
probably broken

Jan  9 13:12:22 netreg auth[2276]: (277) Login incorrect (eap: Response appears 
to match a previous request, but the EAP type is wrong): [782bcbe1350b] (from 
client 10.10.0.130 port 1 cli 78:2b:cb:e1:35:0b)

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: rlm_eap (EAP): No EAP 
session matching state 0x281b6642281a7f83

Jan  9 13:12:22 netreg auth[2276]: [mac:78:2b:cb:e1:35:0b] Rejected user: 
782bcbe1350b





>From Radius.Log:



(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Response appears to match a 
previous request, but the EAP type is wrong

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: We expected EAP type PEAP, but 
received type MD5

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Your Supplicant or NAS is probably 
broken

(268) Mon Jan  8 14:04:01 2018: Debug: eap: Failed in handler

(268) Mon Jan  8 14:04:01 2018: Debug: [eap] = invalid



I found the source code for this error in FreeRadius:


1117 /*
1118* Even more paranoia. Without this, some weird
1119* clients could do crazy things.
1120*
1121* It's ok to send EAP sub-type NAK in response
1122* to a request for a particular type, but it's NOT
1123* OK to blindly return data for another type.
1124*/
1125if 
((eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
 != 
PW_EAP_NAK<https://doc.freeradius.org/eap__types_8h.html#a492a186ed73931736f0e2bd7a63ebfd5a1b2f59161e5d9801d9949e4548d37f2b>)
 &&
1126
(eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
 != 
eap_session->type<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>))
 {
1127
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Response
 appears to match a previous request, but the EAP type is wrong");
1128
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("We
 expected EAP type %s, but received type %s",
1129
eap_type2name<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_session->type<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080

Re: [PacketFence-users] Help with Dell 3500 and PacketFence

[Truax, Peter via PacketFence-users]

Fabrice,

In a previous email, I reported that I got no response from the radius server. 
That was with the Dell N1500 module. I tried it with the Force 10 module no md5 
and got some results. Unfortunately those results are the same as originally 
reported. Expected peap and received md5 instead.

Regards,

Peter

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, January 9, 2018 4:44 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Help with Dell 3500 and PacketFence


Hello Peter,

try to remove md5 in 
https://pf_mgmt:1443/admin/configuration#configuration/radius_authentication_methods
 as i remember the Dell switch try to negotiate md5 first.

Regards

Fabrice



Le 2018-01-09 à 19:19, Truax, Peter via PacketFence-users a écrit :

Hello,



First, I want to say that I love PacketFence! All the things it can do are 
wonderful and make my life so much easier. I am having trouble trying to get a 
Dell 3500 Switch to work with PacketFence. It is capable of performing mac auth 
bypass and dynamic VLAN assignment. Half of our wired network uses these 
devices, and we cannot upgrade to newer equipment yet.



These switches will successfully  do mac-auth-bypass and dynamic vlan 
assignment with a vanilla install of FreeRadius. They should be able to work 
with PacketFence.



Using the Dell N1500 series Switch Module, it works up to a point. I also tried 
the Dell Force 10 Switch Module as well, but with no difference.

Below are various log file snippets of relevant information.



>From Raddebug:



Jan  9 13:12:22 netreg auth[2276]: Adding client 10.10.0.130/32 with shared 
secret "xx"

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Response appears to match 
a previous request, but the EAP type is wrong

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: We expected EAP type PEAP, 
but received type MD5

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Your Supplicant or NAS is 
probably broken

Jan  9 13:12:22 netreg auth[2276]: (277) Login incorrect (eap: Response appears 
to match a previous request, but the EAP type is wrong): [782bcbe1350b] (from 
client 10.10.0.130 port 1 cli 78:2b:cb:e1:35:0b)

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: rlm_eap (EAP): No EAP 
session matching state 0x281b6642281a7f83

Jan  9 13:12:22 netreg auth[2276]: [mac:78:2b:cb:e1:35:0b] Rejected user: 
782bcbe1350b





>From Radius.Log:



(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Response appears to match a 
previous request, but the EAP type is wrong

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: We expected EAP type PEAP, but 
received type MD5

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Your Supplicant or NAS is probably 
broken

(268) Mon Jan  8 14:04:01 2018: Debug: eap: Failed in handler

(268) Mon Jan  8 14:04:01 2018: Debug: [eap] = invalid



I found the source code for this error in FreeRadius:


1117 /*
1118* Even more paranoia. Without this, some weird
1119* clients could do crazy things.
1120*
1121* It's ok to send EAP sub-type NAK in response
1122* to a request for a particular type, but it's NOT
1123* OK to blindly return data for another type.
1124*/
1125if 
((eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
 != 
PW_EAP_NAK<https://doc.freeradius.org/eap__types_8h.html#a492a186ed73931736f0e2bd7a63ebfd5a1b2f59161e5d9801d9949e4548d37f2b>)
 &&
1126
(eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
 != 
eap_session->type<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>))
 {
1127
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Response
 appears to match a previous request, but the EAP type is wrong");
1128
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("We
 expected EAP type %s, but received type %s",
1129
eap_type2name<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_session->type<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>),
1130
eap_type2name<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]));
1131
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Your
 Supplicant or NAS is probably broken");
1132goto error;
1133}



It appears this error is produced by FreeRadius but that doesn't make sense, as 
I have a working instance of FreeRadius. Any help or guidance

Re: [PacketFence-users] Help with Dell 3500 and PacketFence

[Truax, Peter via PacketFence-users]

Fabrice,

Thank you for your quick response. I disabled md5 authentication, and that did 
not work. The switch did not communicate at all with the radius server. 
Raddebug did not capture anything at all and no entries appeared in the radius 
log file. Anything else I can try?

Regards,

Peter

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, January 9, 2018 4:44 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Help with Dell 3500 and PacketFence


Hello Peter,

try to remove md5 in 
https://pf_mgmt:1443/admin/configuration#configuration/radius_authentication_methods
 as i remember the Dell switch try to negotiate md5 first.

Regards

Fabrice



Le 2018-01-09 à 19:19, Truax, Peter via PacketFence-users a écrit :

Hello,



First, I want to say that I love PacketFence! All the things it can do are 
wonderful and make my life so much easier. I am having trouble trying to get a 
Dell 3500 Switch to work with PacketFence. It is capable of performing mac auth 
bypass and dynamic VLAN assignment. Half of our wired network uses these 
devices, and we cannot upgrade to newer equipment yet.



These switches will successfully  do mac-auth-bypass and dynamic vlan 
assignment with a vanilla install of FreeRadius. They should be able to work 
with PacketFence.



Using the Dell N1500 series Switch Module, it works up to a point. I also tried 
the Dell Force 10 Switch Module as well, but with no difference.

Below are various log file snippets of relevant information.



>From Raddebug:



Jan  9 13:12:22 netreg auth[2276]: Adding client 10.10.0.130/32 with shared 
secret "xx"

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Response appears to match 
a previous request, but the EAP type is wrong

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: We expected EAP type PEAP, 
but received type MD5

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Your Supplicant or NAS is 
probably broken

Jan  9 13:12:22 netreg auth[2276]: (277) Login incorrect (eap: Response appears 
to match a previous request, but the EAP type is wrong): [782bcbe1350b] (from 
client 10.10.0.130 port 1 cli 78:2b:cb:e1:35:0b)

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: rlm_eap (EAP): No EAP 
session matching state 0x281b6642281a7f83

Jan  9 13:12:22 netreg auth[2276]: [mac:78:2b:cb:e1:35:0b] Rejected user: 
782bcbe1350b





>From Radius.Log:



(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Response appears to match a 
previous request, but the EAP type is wrong

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: We expected EAP type PEAP, but 
received type MD5

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Your Supplicant or NAS is probably 
broken

(268) Mon Jan  8 14:04:01 2018: Debug: eap: Failed in handler

(268) Mon Jan  8 14:04:01 2018: Debug: [eap] = invalid



I found the source code for this error in FreeRadius:


1117 /*
1118* Even more paranoia. Without this, some weird
1119* clients could do crazy things.
1120*
1121* It's ok to send EAP sub-type NAK in response
1122* to a request for a particular type, but it's NOT
1123* OK to blindly return data for another type.
1124*/
1125if 
((eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
 != 
PW_EAP_NAK<https://doc.freeradius.org/eap__types_8h.html#a492a186ed73931736f0e2bd7a63ebfd5a1b2f59161e5d9801d9949e4548d37f2b>)
 &&
1126
(eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
 != 
eap_session->type<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>))
 {
1127
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Response
 appears to match a previous request, but the EAP type is wrong");
1128
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("We
 expected EAP type %s, but received type %s",
1129
eap_type2name<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_session->type<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>),
1130
eap_type2name<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_packet->data<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]));
1131
RERROR<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Your
 Supplicant or NAS is probably broken");
1132goto error;
1133}



It appears this error is produced by FreeRadius but that doesn't make sense, as 
I have a working instance of FreeRadius. Any help or guidance

Re: [PacketFence-users] Help with Dell 3500 and PacketFence

[Durand fabrice via PacketFence-users]

Hello Peter,

try to remove md5 in 
https://pf_mgmt:1443/admin/configuration#configuration/radius_authentication_methods 
as i remember the Dell switch try to negotiate md5 first.


Regards

Fabrice



Le 2018-01-09 à 19:19, Truax, Peter via PacketFence-users a écrit :


Hello,

First, I want to say that I love PacketFence! All the things it can do 
are wonderful and make my life so much easier. I am having trouble 
trying to get a Dell 3500 Switch to work with PacketFence. It is 
capable of performing mac auth bypass and dynamic VLAN assignment. 
Half of our wired network uses these devices, and we cannot upgrade to 
newer equipment yet.


These switches will successfully  do mac-auth-bypass and dynamic vlan 
assignment with a vanilla install of FreeRadius. They should be able 
to work with PacketFence.


Using the Dell N1500 series Switch Module, it works up to a point. I 
also tried the Dell Force 10 Switch Module as well, but with no 
difference.


Below are various log file snippets of relevant information.

From Raddebug:

Jan  9 13:12:22 netreg auth[2276]: Adding client 10.10.0.130/32 with 
shared secret "xx"


Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Response appears 
to match a previous request, but the EAP type is wrong


Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: We expected EAP 
type PEAP, but received type MD5


Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Your Supplicant 
or NAS is probably broken


Jan  9 13:12:22 netreg auth[2276]: (277) Login incorrect (eap: 
Response appears to match a previous request, but the EAP type is 
wrong): [782bcbe1350b] (from client 10.10.0.130 port 1 cli 
78:2b:cb:e1:35:0b)


Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: rlm_eap (EAP): No 
EAP session matching state 0x281b6642281a7f83


Jan  9 13:12:22 netreg auth[2276]: [mac:78:2b:cb:e1:35:0b] Rejected 
user: 782bcbe1350b


From Radius.Log:

(268) Mon Jan 8 14:04:01 2018: ERROR: eap: Response appears to match a 
previous request, but the EAP type is wrong


(268) Mon Jan 8 14:04:01 2018: ERROR: eap: We expected EAP type PEAP, 
but received type MD5


(268) Mon Jan 8 14:04:01 2018: ERROR: eap: Your Supplicant or NAS is 
probably broken


(268) Mon Jan 8 14:04:01 2018: Debug: eap: Failed in handler

(268) Mon Jan 8 14:04:01 2018: Debug: [eap] = invalid

I found the source code for this error in FreeRadius:

1117/*

1118  * Even more paranoia. Without this, some weird

1119  * clients could do crazy things.

1120  *

1121  * It's ok to send EAP sub-type NAK in response

1122  * to a request for a particular type, but it's NOT

1123  * OK to blindly return data for another type.

1124  */

1125if((eap_packet->data 
[0] 
!= PW_EAP_NAK 
) 
&&


1126    (eap_packet->data 
[0] 
!= eap_session->type 
)) 
{


1127RERROR 
("Response 
appears to match a previous request, but the EAP type is wrong");


1128RERROR 
("We 
expected EAP type %s, but received type %s",


1129eap_type2name 
(eap_session->type 
),


1130eap_type2name 
(eap_packet->data 
[0]));


1131RERROR 
("Your 
Supplicant or NAS is probably broken");


1132gotoerror;

1133    }

It appears this error is produced by FreeRadius but that doesn’t make 
sense, as I have a working instance of FreeRadius. Any help or 
guidance would be appreciated.


Peter Truax

Network Administrator

(360) 688-2240

St. Martin’s University

5000 Abbey Way E

Lacey, WA 98503



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users 

[PacketFence-users] Help with Dell 3500 and PacketFence

[Truax, Peter via PacketFence-users]

Hello,



First, I want to say that I love PacketFence! All the things it can do are 
wonderful and make my life so much easier. I am having trouble trying to get a 
Dell 3500 Switch to work with PacketFence. It is capable of performing mac auth 
bypass and dynamic VLAN assignment. Half of our wired network uses these 
devices, and we cannot upgrade to newer equipment yet.



These switches will successfully  do mac-auth-bypass and dynamic vlan 
assignment with a vanilla install of FreeRadius. They should be able to work 
with PacketFence.



Using the Dell N1500 series Switch Module, it works up to a point. I also tried 
the Dell Force 10 Switch Module as well, but with no difference.

Below are various log file snippets of relevant information.



>From Raddebug:



Jan  9 13:12:22 netreg auth[2276]: Adding client 10.10.0.130/32 with shared 
secret "xx"

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Response appears to match 
a previous request, but the EAP type is wrong

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: We expected EAP type PEAP, 
but received type MD5

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Your Supplicant or NAS is 
probably broken

Jan  9 13:12:22 netreg auth[2276]: (277) Login incorrect (eap: Response appears 
to match a previous request, but the EAP type is wrong): [782bcbe1350b] (from 
client 10.10.0.130 port 1 cli 78:2b:cb:e1:35:0b)

Jan  9 13:12:22 netreg auth[2276]: (277) eap: ERROR: rlm_eap (EAP): No EAP 
session matching state 0x281b6642281a7f83

Jan  9 13:12:22 netreg auth[2276]: [mac:78:2b:cb:e1:35:0b] Rejected user: 
782bcbe1350b





>From Radius.Log:



(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Response appears to match a 
previous request, but the EAP type is wrong

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: We expected EAP type PEAP, but 
received type MD5

(268) Mon Jan  8 14:04:01 2018: ERROR: eap: Your Supplicant or NAS is probably 
broken

(268) Mon Jan  8 14:04:01 2018: Debug: eap: Failed in handler

(268) Mon Jan  8 14:04:01 2018: Debug: [eap] = invalid



I found the source code for this error in FreeRadius:


1117 /*
1118* Even more paranoia. Without this, some weird
1119* clients could do crazy things.
1120*
1121* It's ok to send EAP sub-type NAK in response
1122* to a request for a particular type, but it's NOT
1123* OK to blindly return data for another type.
1124*/
1125if 
((eap_packet->data[0]
 != 
PW_EAP_NAK)
 &&
1126
(eap_packet->data[0]
 != 
eap_session->type))
 {
1127
RERROR("Response
 appears to match a previous request, but the EAP type is wrong");
1128
RERROR("We
 expected EAP type %s, but received type %s",
1129
eap_type2name(eap_session->type),
1130
eap_type2name(eap_packet->data[0]));
1131
RERROR("Your
 Supplicant or NAS is probably broken");
1132goto error;
1133}



It appears this error is produced by FreeRadius but that doesn't make sense, as 
I have a working instance of FreeRadius. Any help or guidance would be 
appreciated.







Peter Truax

Network Administrator

(360) 688-2240

St. Martin's University

5000 Abbey Way E

Lacey, WA 98503






--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help - PF not starting after a reboot

[Nathan, Josh via PacketFence-users]

When I had a similar problem, recently, I was directed to restart the
packetfence-config service.  And then afterward I found I also needed to
restart the packetfence-mariadb service for subsequent issues.


Joshua Nathan
*IT Technician*
Black Forest Academy

p: +49 (0) 7626 9161 630  m: +49 (0) 152 3452 0056
a:
w: Hammersteiner Straße 50, 79400 Kandern
bfacademy.de



On Fri, Sep 29, 2017 at 1:00 PM, Luís Torres via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> getting loads of this erros on the packetfenc.log:
>
>
>
> p 29 11:58:18 packetfence packetfence: ERROR pfcmd.pl(958):
> [1506682698.49178] Failed to connect to config service for namespace
> config::Pf, retrying (pfconfig::cached::_get_from_socket)
> Sep 29 11:58:18 packetfence packetfence: ERROR pfcmd.pl(964):
> [1506682698.56148] Failed to connect to config service for namespace
> resource::URI_Filters, retrying (pfconfig::cached::_get_from_socket)
> Sep 29 11:58:18 packetfence packetfence: ERROR pfcmd.pl(937):
> [1506682698.56148] Failed to connect to config service for namespace
> resource::switches_group, retrying (pfconfig::cached::_get_from_socket)
> Sep 29 11:58:18 packetfence packetfence: ERROR pfcmd.pl(958):
> [1506682698.59354] Failed to connect to config service for namespace
> config::Pf, retrying (pfconfig::cached::_get_from_socket)
> Sep 29 11:58:18 packetfence packetfence: ERROR pfcmd.pl(964):
> [1506682698.6632] Failed to connect to config service for namespace
> resource::URI_Filters, retrying (pfconfig::cached::_get_from_socket)
> Sep 29 11:58:18 packetfence pa
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] help - PF not starting after a reboot

[Luís Torres via PacketFence-users]

 

getting loads of this erros on the packetfenc.log: 

p 29 11:58:18
packetfence packetfence: ERROR pfcmd.pl(958): [1506682698.49178] Failed
to connect to config service for namespace config::Pf, retrying
(pfconfig::cached::_get_from_socket)
Sep 29 11:58:18 packetfence
packetfence: ERROR pfcmd.pl(964): [1506682698.56148] Failed to connect
to config service for namespace resource::URI_Filters, retrying
(pfconfig::cached::_get_from_socket)
Sep 29 11:58:18 packetfence
packetfence: ERROR pfcmd.pl(937): [1506682698.56148] Failed to connect
to config service for namespace resource::switches_group, retrying
(pfconfig::cached::_get_from_socket)
Sep 29 11:58:18 packetfence
packetfence: ERROR pfcmd.pl(958): [1506682698.59354] Failed to connect
to config service for namespace config::Pf, retrying
(pfconfig::cached::_get_from_socket)
Sep 29 11:58:18 packetfence
packetfence: ERROR pfcmd.pl(964): [1506682698.6632] Failed to connect to
config service for namespace resource::URI_Filters, retrying
(pfconfig::cached::_get_from_socket)
Sep 29 11:58:18 packetfence pa 
 --
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help Please

[Louis Munro via PacketFence-users]

> On Jul 26, 2017, at 08:47, darksom--- via PacketFence-users 
>  wrote:
> 
> I would like to know two things:
> 
> 1 - How to clean logs from /usr/local/pf/logs without causing problems?
> 
logrotate should do that for you already, subject to its configuration.

See /etc/logrotate.d/packetfence.conf

It can be run manually. See man logrotate.

Ultimately these are just text files.
You can move them around, compress them, whatever.

The only caveat is that if a process is running (and has an open file 
descriptor to one of those files) you should stop it first before moving or 
deleting the file.
But I recommend letting logrotate do it for you.

If it's keeping too much to your taste all you need to do is to edit 
/etc/logrotate.d/packetfence.conf to have it keep fewer copies, or rotate it 
more frequently.


> 2 - how to see and how to change the routine to check the status of nodes 
> (Registered -> Unegistered)?
> 
> 
> 

I don't know what you mean by that.
Do you mean the pfmon job that changes the state from registered to 
unregistered when a device has reached it's unregistration date?
Do you want to see the code for that?
Or just the frequency it runs at?

If the latter, there is a nodes_maintenance_interval variable that is set by 
default to 60s.
You can find it in the "maintenance" section of the GUI.



Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help or Guide

[Safiullah Tariq]

Hello All,

I hope you are doing great.

I have installed PacketFence and used Out-of-Band implementation. I have
done exactly what the guide says. However, I am still not able to get
anything working.

According to the guide, I have done the settings on Mikrotik, which was not
an issue for me, now comes the hard part.
I have a system with 5 LAN ports, I have setup Management on one and other
such as Registration and Isolation on the other ports.

Management IP is 10.2.2.88 (on LAN1)
Registration IP is 192.168.2.1/24 (On LAN port 2) (VLAN ID= 2)
Isolation IP is 192.168.3.1/24 (On LAN port 2) (VLAN ID= 3)
IP to the Port without vlan 192.168.1.5 (on Lan port 2)

1. I dont know what is Normal VLAN as it doesn't show in the drop down menu.
2. The management interface does not have DHCP option.
3. In the document, there is nothing mentioned about the IP scheme of
mikrotik.
4. Still i gave 192.168.1.6 ip to mikrotik's port which is connecting to
the PF. As the out-of-band document says that Radius ip should be
192.168.1.5. I am not able to ping PF from mikrotik or mikrotik from PF.
5. Should I move all the VLANs to the management port ?
6. Should I setup DHCP in mikrotik ?

I would like to mention here that I want to setup an out of band hotspot
wifi

Please do reply as I am sure that your emails will be very helpful.

Regards,


Safiullah Tariq

Regards,


Safiullah Tariq


PRIVILEGED AND CONFIDENTIAL INFORMATION: This e-mail and attachments, if
any, may contain confidential and/or proprietary information. Please be
advised that the unauthorized use or disclosure of the information is
strictly prohibited. The information herein is intended only for use by the
intended recipient(s) named above. If you have received this transmission
in error, please notify the sender immediately and permanently delete the
e-mail and any copies, printouts or attachments thereof.

On Sat, Mar 18, 2017 at 10:55 PM, Safiullah Tariq 
wrote:

> Hello All,
>
> I hope you are doing great.
>
> I have installed PacketFence and used Out-of-Band implementation. I have
> done exactly what the guide says. However, I am still not able to get
> anything working.
>
> According to the guide, I have done the settings on Mikrotik, which was
> not an issue for me, now comes the hard part.
> I have a system with 5 LAN ports, I have setup Management on one and other
> such as Registration and Isolation on the other ports.
>
> Management IP is 10.2.2.88 (on LAN1)
> Registration IP is 192.168.2.1/24 (On LAN port 2) (VLAN ID= 2)
> Isolation IP is 192.168.3.1/24 (On LAN port 2) (VLAN ID= 3)
> IP to the Port without vlan 192.168.1.5 (on Lan port 2)
>
> 1. I dont know what is Normal VLAN as it doesn't show in the drop down
> menu.
> 2. The management interface does not have DHCP option.
> 3. In the document, there is nothing mentioned about the IP scheme of
> mikrotik.
> 4. Still i gave 192.168.1.6 ip to mikrotik's port which is connecting to
> the PF. As the out-of-band document says that Radius ip should be
> 192.168.1.5. I am not able to ping PF from mikrotik or mikrotik from PF.
> 5. Should I move all the VLANs to the management port ?
> 6. Should I setup DHCP in mikrotik ?
>
> I would like to mention here that I want to setup an out of band hotspot
> wifi
>
> Please do reply as I am sure that your emails will be very helpful.
>
> Regards,
>
>
> Safiullah Tariq
>
>
> PRIVILEGED AND CONFIDENTIAL INFORMATION: This e-mail and attachments, if
> any, may contain confidential and/or proprietary information. Please be
> advised that the unauthorized use or disclosure of the information is
> strictly prohibited. The information herein is intended only for use by the
> intended recipient(s) named above. If you have received this transmission
> in error, please notify the sender immediately and permanently delete the
> e-mail and any copies, printouts or attachments thereof.
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] help with you do not have permission to register a device with this username

[Durand fabrice]

::Portal::ProfileFactory::_from_profile)


Mar 24 05:50:34 httpd.portal(2437) INFO: [mac:7c:01:91:25:f9:eb] 
Instantiate profile RSP (pf::Portal::ProfileFactory::_from_profile)


If I don’t keep the mode production, then the WLC will shown the 
client status as “WEBAUTH_REQ”, and I got the captive.apple.com page 
pop up automatically but without anything showing and then it will 
display some kind of error.


Would you please shed some lights what I need to check next?

Wish you a happy weekend. Thank you so much for the help.

 ---

**

*Helen *

*From:*Helen Chen [mailto:helen_c...@resourcepro.com.cn]
*Sent:* Wednesday, March 22, 2017 3:38 PM
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] help with you do not have 
permission to register a device with this username


Hi Fabrice,

I’d like to share more information with you.

I tried to add one local MAC filter on WLC side and then I’m able to 
get the ip address and have captive portal shown up. So, which means 
the the controller mac filter function should be fine. Can you shed 
some lights on if there’s anything I can check on PF MAC authen?


Thank you for your help.

 ---

**

*Helen *

*From:*Helen Chen
*Sent:* Wednesday, March 22, 2017 10:25 AM
*To:* packetfence-users@lists.sourceforge.net 
<mailto:packetfence-users@lists.sourceforge.net>
*Subject:* RE: [PacketFence-users] help with you do not have 
permission to register a device with this username


Hi Fabrice,

Sorry, just found out all your questions. Please see my answers below.

Are you using flexconnect in your setup ? if it's the case then you 
have to define the acl as a flex connect acl. – We didn’t use 
flexconnect on our current test AP.


Also can you take a capture of the advance tab off your ssid ?

From the vlan 51 are you able to reach the portal ip ? – I put the 
VLAN 51 gateway on our layer 3 switch (172.17.0.1). While my PF 
management /portal IP is in VLAN 254, which is our production VLAN. 
I’m able to ping portal IP.


Why don't you have a dhcp server defined in the interface guest ? – I 
use the ip-helper on the layer 3 switch to point the DHCP to 
172.17.254.254(PF registration interface). Do I still need to do this?


Do you have another choice in Nac State like radius NAC ? – SNMP 
NAC\ISE NAC\None


What happen if you remove the radius config for this ssid and try to 
connect – Do you mean I disable the AAA Server and try? I can try that 
and get back to you. But I did try to disable MAC filter, then I’m 
able to get the IP address and captive portal redirection.


 ---

**

*Helen Chen*

*From:*Durand fabrice [mailto:fdur...@inverse.ca]
*Sent:* Wednesday, March 22, 2017 9:35 AM
*To:* packetfence-users@lists.sourceforge.net 
<mailto:packetfence-users@lists.sourceforge.net>
*Subject:* Re: [PacketFence-users] help with you do not have 
permission to register a device with this username


Hello Helen,

i ask you  some questions multiples times about your issue but you 
never answered, so first answer the questions.


Also you need mac filter.

Fabrice

Le 2017-03-21 à 04:34, Helen Chen a écrit :

Hi,

I disabled mac filter on WLC2500 and finally have my endpoint
gained ip address from PF and redirected to the registration page.
Can we do user authentication? I added AD in the source. However,
it shown “You do not have permission to register a device with
this username” after I input my domain credentials. Please see the
pf.log , profile. Conf and authentication.conf below.

*PF Log:*

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:unknown] Instantiate
profile RSP (pf::Portal::ProfileFactory::_from_profile)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
Instantiate profile RSP (pf::Portal::ProfileFactory::_from_profile)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
Instantiate profile RSP (pf::Portal::ProfileFactory::_from_profile)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
Authenticating user using sources : RSPEmployee,AdminIT

(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
[RSPEmployee] Authentication successful for helen_chen
(pf::Authentication::Source::LDAPSource::authenticate)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
Authentication successful for 'helen_chen' in source RSPEmployee
(AD) (pf::authentication::authenticate)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
User helen_chen has authenticated on the portal.
(Class::MOP::Class:::after)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
Found source RSPEmployee in session. (Class::MOP::Class:::around)

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb]
Found source RSPEmployee in session. (Class::MOP::Cl

Re: [PacketFence-users] help with you do not have permission to register a device with this username

[Helen Chen]

Hi Fabrice,

Sorry I don't know why I never get your questions. Would you mind to paste it 
here? I'm very sorry for the hassle.


 ---

Helen Chen
Network Team, Technology Department
T: 55733100-1920
M: (86)136.9868.1669

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, March 22, 2017 9:35 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] help with you do not have permission to 
register a device with this username


Hello Helen,

i ask you  some questions multiples times about your issue but you never 
answered, so first answer the questions.

Also you need mac filter.

Fabrice



Le 2017-03-21 à 04:34, Helen Chen a écrit :
Hi,

I disabled mac filter on WLC2500 and finally have my endpoint gained ip address 
from PF and redirected to the registration page. Can we do user authentication? 
I added AD in the source. However, it shown "You do not have permission to 
register a device with this username" after I input my domain credentials. 
Please see the pf.log , profile. Conf and authentication.conf below.

PF Log:
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:unknown] Instantiate profile RSP 
(pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Authenticating 
user using sources : RSPEmployee,AdminIT 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] [RSPEmployee] 
Authentication successful for helen_chen 
(pf::Authentication::Source::LDAPSource::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Authentication 
successful for 'helen_chen' in source RSPEmployee (AD) 
(pf::authentication::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Successfully 
authenticated helen_chen 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Using sources 
RSPEmployee for matching (pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Using sources 
RSPEmployee for matching (pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Use of 
uninitialized value in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm
 line 139.
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Use of 
uninitialized value in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm
 line 139.
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Cannot find 
unregdate () or role() for user. 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Execut

Re: [PacketFence-users] help with you do not have permission to register a device with this username

[Helen Chen]

Hi Fabrice,

I'd like to share more information with you.

I tried to add one local MAC filter on WLC side and then I'm able to get the ip 
address and have captive portal shown up. So, which means the the controller 
mac filter function should be fine. Can you shed some lights on if there's 
anything I can check on PF MAC authen?

Thank you for your help.

 ---

Helen

From: Helen Chen
Sent: Wednesday, March 22, 2017 10:25 AM
To: packetfence-users@lists.sourceforge.net
Subject: RE: [PacketFence-users] help with you do not have permission to 
register a device with this username

Hi Fabrice,

Sorry, just found out all your questions. Please see my answers below.




Are you using flexconnect in your setup ? if it's the case then you have to 
define the acl as a flex connect acl. - We didn't use flexconnect on our 
current test AP.



Also can you take a capture of the advance tab off your ssid ?
[cid:image001.jpg@01D2A322.46368780]
[cid:image002.png@01D2A322.46368780]


>From the vlan 51 are you able to reach the portal ip ? - I put the VLAN 51 
>gateway on our layer 3 switch (172.17.0.1). While my PF management /portal IP 
>is in VLAN 254, which is our production VLAN. I'm able to ping portal IP.



Why don't you have a dhcp server defined in the interface guest ? - I use the 
ip-helper on the layer 3 switch to point the DHCP to 172.17.254.254(PF 
registration interface). Do I still need to do this?



Do you have another choice in Nac State like radius NAC ? - SNMP NAC\ISE 
NAC\None


What happen if you remove the radius config for this ssid and try to connect - 
Do you mean I disable the AAA Server and try? I can try that and get back to 
you. But I did try to disable MAC filter, then I'm able to get the IP address 
and captive portal redirection.


 ---

Helen Chen

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, March 22, 2017 9:35 AM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] help with you do not have permission to 
register a device with this username


Hello Helen,

i ask you  some questions multiples times about your issue but you never 
answered, so first answer the questions.

Also you need mac filter.

Fabrice



Le 2017-03-21 à 04:34, Helen Chen a écrit :
Hi,

I disabled mac filter on WLC2500 and finally have my endpoint gained ip address 
from PF and redirected to the registration page. Can we do user authentication? 
I added AD in the source. However, it shown "You do not have permission to 
register a device with this username" after I input my domain credentials. 
Please see the pf.log , profile. Conf and authentication.conf below.

PF Log:
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:unknown] Instantiate profile RSP 
(pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Authenticating 
user using sources : RSPEmployee,AdminIT 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] [RSPEmployee] 
Authentication successful for helen_chen 
(pf::Authentication::Source::LDAPSource::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Authentication 
successful for 'helen_chen' in source RSPEmployee (AD) 
(pf::authentication::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Successfully 
authenticated helen_chen 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authenticatio

Re: [PacketFence-users] help with you do not have permission to register a device with this username

[Durand fabrice]

Hello Helen,

i ask you  some questions multiples times about your issue but you never 
answered, so first answer the questions.


Also you need mac filter.

Fabrice



Le 2017-03-21 à 04:34, Helen Chen a écrit :


Hi,

I disabled mac filter on WLC2500 and finally have my endpoint gained 
ip address from PF and redirected to the registration page. Can we do 
user authentication? I added AD in the source. However, it shown “You 
do not have permission to register a device with this username” after 
I input my domain credentials. Please see the pf.log , profile. Conf 
and authentication.conf below.


*PF Log:*

Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:unknown] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] 
Instantiate profile RSP (pf::Portal::ProfileFactory::_from_profile)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] 
Instantiate profile RSP (pf::Portal::ProfileFactory::_from_profile)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] 
Authenticating user using sources : RSPEmployee,AdminIT 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] 
[RSPEmployee] Authentication successful for helen_chen 
(pf::Authentication::Source::LDAPSource::authenticate)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] 
Authentication successful for 'helen_chen' in source RSPEmployee (AD) 
(pf::authentication::authenticate)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found 
source RSPEmployee in session. (Class::MOP::Class:::around)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found 
source RSPEmployee in session. (Class::MOP::Class:::around)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] 
Successfully authenticated helen_chen 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found 
source RSPEmployee in session. (Class::MOP::Class:::around)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found 
source RSPEmployee in session. (Class::MOP::Class:::around)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found 
source RSPEmployee in session. (Class::MOP::Class:::around)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)


Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] 
Calling match with empty/invalid rule class. Defaulting to 
'authentication' (pf::authentication::match)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Using 
sources RSPEmployee for matching (pf::authentication::match)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found 
source RSPEmployee in session. (Class::MOP::Class:::around)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)


Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] 
Calling match with empty/invalid rule class. Defaulting to 
'authentication' (pf::authentication::match)


Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Using 
sources RSPEmployee for matching (pf::authentication::match)


Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Use 
of uninitialized value in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm 
line 139.


(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)

Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Use 
of uninitialized value in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm 
line 139.


(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)

Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] 
Cannot find unregdate () or role() for user. 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)


Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] 
Execute actions of module 
default_policy+default_registration_policy+default_login_policy did 
not succeed. (captiveportal::PacketFence::DynamicRouting::Module::done)


Mar 21 03:54:53 httpd.portal(3444) INFO: [mac:unknown] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)


Mar 21 03:54:53 httpd.portal(3444) INFO: [mac:7c:01:91:25:f9:eb] 
Instantiate profile RSP (pf::Portal::ProfileFactory::_from_profile)

[PacketFence-users] help with you do not have permission to register a device with this username

[Helen Chen]

Hi,

I disabled mac filter on WLC2500 and finally have my endpoint gained ip address 
from PF and redirected to the registration page. Can we do user authentication? 
I added AD in the source. However, it shown "You do not have permission to 
register a device with this username" after I input my domain credentials. 
Please see the pf.log , profile. Conf and authentication.conf below.

PF Log:
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:unknown] Instantiate profile RSP 
(pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Authenticating 
user using sources : RSPEmployee,AdminIT 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] [RSPEmployee] 
Authentication successful for helen_chen 
(pf::Authentication::Source::LDAPSource::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Authentication 
successful for 'helen_chen' in source RSPEmployee (AD) 
(pf::authentication::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Successfully 
authenticated helen_chen 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Using sources 
RSPEmployee for matching (pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Found source 
RSPEmployee in session. (Class::MOP::Class:::around)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] User 
helen_chen has authenticated on the portal. (Class::MOP::Class:::after)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) INFO: [mac:7c:01:91:25:f9:eb] Using sources 
RSPEmployee for matching (pf::authentication::match)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Use of 
uninitialized value in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm
 line 139.
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Use of 
uninitialized value in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm
 line 139.
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Cannot find 
unregdate () or role() for user. 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::execute_actions)
Mar 21 03:54:53 httpd.portal(3466) WARN: [mac:7c:01:91:25:f9:eb] Execute 
actions of module 
default_policy+default_registration_policy+default_login_policy did not 
succeed. (captiveportal::PacketFence::DynamicRouting::Module::done)
Mar 21 03:54:53 httpd.portal(3444) INFO: [mac:unknown] Instantiate profile RSP 
(pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3444) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)
Mar 21 03:54:53 httpd.portal(3444) INFO: [mac:7c:01:91:25:f9:eb] Instantiate 
profile RSP (pf::Portal::ProfileFactory::_from_profile)

Authentication role:
[Employee]
description=Employee
password=
scope=sub
binddn=CN=wirelessauth,OU=System Function Account,OU=Special 

Re: [PacketFence-users] Help or Guide

[Durand fabrice]

Hello Safiullah,



Le 2017-03-18 à 13:55, Safiullah Tariq a écrit :

Hello All,

I hope you are doing great.

I have installed PacketFence and used Out-of-Band implementation. I 
have done exactly what the guide says. However, I am still not able to 
get anything working.


According to the guide, I have done the settings on Mikrotik, which 
was not an issue for me, now comes the hard part.
I have a system with 5 LAN ports, I have setup Management on one and 
other such as Registration and Isolation on the other ports.



Do you mean the Mikrotik switch ?

Management IP is 10.2.2.88 (on LAN1)
Registration IP is 192.168.2.1/24  (On LAN port 
2) (VLAN ID= 2)
Isolation IP is 192.168.3.1/24  (On LAN port 2) 
(VLAN ID= 3)

IP to the Port without vlan 192.168.1.5 (on Lan port 2)



1. I dont know what is Normal VLAN as it doesn't show in the drop down 
menu.
A normal vlan is in fact a production vlan where you have your own 
dhcp/dns/gateway, for PacketFence it's just a vlan id

2. The management interface does not have DHCP option.
Yes this is correct, this interface is use to talk to your switch/AP 
(radius/snmp/...)
3. In the document, there is nothing mentioned about the IP scheme of 
mikrotik.
Think simple, one ip address where you can ping packetfence management 
ip address and other vlan managed by pf (reg/isol) and multiples normal 
vlan (your prod)
4. Still i gave 192.168.1.6 ip to mikrotik's port which is connecting 
to the PF. As the out-of-band document says that Radius ip should be 
192.168.1.5. I am not able to ping PF from mikrotik or mikrotik from PF.
You need to fix that, let's say it's on the same layer 2 network then 
you need to be able to ping each other.

5. Should I move all the VLANs to the management port ?

Why not, it depend of your infra.
Let say that on PacketFence you have an interface eth0 and it's directly 
connected on the Mikrotik port, so if you tag vlan 2 and vlan 3 and have 
native vlan 1 on the mikrotik side then on the Pf side you should have 
eth0 (vlan1) , eth0.2 (vlan2) and eth0.3 interface.


Also if you have more interface on the pf side eth0 eth1 eth2 then you 
can plug eth0 to the mgmt interface (mikrotik), eth1 on the Reg 
interface (mikrotik reg int) and eth2 to the isol interface.


It's an example but keep in mind that pf reg interface must ping 
mikrotik reg ip, isol ... mgmt ...

6. Should I setup DHCP in mikrotik ?

Yes for the normal vlan, not for reg and isol (this is managed by 
PacketFence)

Regards
Fabrice

I would like to mention here that I want to setup an out of band 
hotspot wifi


Please do reply as I am sure that your emails will be very helpful.

Regards,


Safiullah Tariq


PRIVILEGED AND CONFIDENTIAL INFORMATION: This e-mail and attachments, 
if any, may contain confidential and/or proprietary information. 
Please be advised that the unauthorized use or disclosure of the 
information is strictly prohibited. The information herein is intended 
only for use by the intended recipient(s) named above. If you have 
received this transmission in error, please notify the sender 
immediately and permanently delete the e-mail and any copies, 
printouts or attachments thereof.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help or Guide

[Safiullah Tariq]

Hello All,

I hope you are doing great.

I have installed PacketFence and used Out-of-Band implementation. I have
done exactly what the guide says. However, I am still not able to get
anything working.

According to the guide, I have done the settings on Mikrotik, which was not
an issue for me, now comes the hard part.
I have a system with 5 LAN ports, I have setup Management on one and other
such as Registration and Isolation on the other ports.

Management IP is 10.2.2.88 (on LAN1)
Registration IP is 192.168.2.1/24 (On LAN port 2) (VLAN ID= 2)
Isolation IP is 192.168.3.1/24 (On LAN port 2) (VLAN ID= 3)
IP to the Port without vlan 192.168.1.5 (on Lan port 2)

1. I dont know what is Normal VLAN as it doesn't show in the drop down menu.
2. The management interface does not have DHCP option.
3. In the document, there is nothing mentioned about the IP scheme of
mikrotik.
4. Still i gave 192.168.1.6 ip to mikrotik's port which is connecting to
the PF. As the out-of-band document says that Radius ip should be
192.168.1.5. I am not able to ping PF from mikrotik or mikrotik from PF.
5. Should I move all the VLANs to the management port ?
6. Should I setup DHCP in mikrotik ?

I would like to mention here that I want to setup an out of band hotspot
wifi

Please do reply as I am sure that your emails will be very helpful.

Regards,


Safiullah Tariq


PRIVILEGED AND CONFIDENTIAL INFORMATION: This e-mail and attachments, if
any, may contain confidential and/or proprietary information. Please be
advised that the unauthorized use or disclosure of the information is
strictly prohibited. The information herein is intended only for use by the
intended recipient(s) named above. If you have received this transmission
in error, please notify the sender immediately and permanently delete the
e-mail and any copies, printouts or attachments thereof.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help PacketFence Email Registration

[Raphael Brasil]

Good afternoon. 

I have a problem. I do not know if you have gone through what I will report.


Situation: 
I'm self registration, and in my simulation, I get the email with username
and password. Example:   mym...@mail.net and pass. 

When trying to use this username and password on a new device, it says
"invalid username or password" 

But... 

Creating the user manually runs. Example: mymail and pass. 

I noticed that when you create the user manually to the e-mail does not work
either. 

Resume: 

Users in   mym...@mail.net format does not working. 
While users without @ working (  mym...@mail.net ->
mymail) 

Has anyone had this problem?

 

 

"A Vida é Um Jogo, Se Você Não Pode Vencer Não Jogue!"



Skype: rbrasilfagundes

Outlook: raphae...@outlook.com



smime.p7s
Description: S/MIME cryptographic signature
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help PacketFence

[Raphael Brasil]

Good afternoon. 

I have a problem. I do not know if you have gone through what I will report.


Situation: 
I'm self registration, and in my simulation, I get the email with username
and password. Example:   mym...@mail.net and pass. 

When trying to use this username and password on a new device, it says
"invalid username or password" 

But... 

Creating the user manually runs. Example: mymail and pass. 

I noticed that when you create the user manually to the e-mail does not work
either. 

Resume: 

Users in   mym...@mail.net format does not working. 
While users without @ working (  mym...@mail.net ->
mymail) 

Has anyone had this problem?

 

"A Vida é Um Jogo, Se Você Não Pode Vencer Não Jogue!"



Skype: rbrasilfagundes

Outlook: raphae...@outlook.com

 

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help setting up the captive portal with ZEN

[Louis Munro]

Hi John,

That’s unfortunately not enough information to tell you much.

We would need to know at least the following:

1. A copy of your /usr/local/pf/conf/pf.conf configuration file (suitably 
scrubbed of passwords)
2. A copy of your /usr/local/pf/conf/network.conf file
2. The state of all services ( run “service packetfence status”)

We’ll probably need to see some logs too but let’s start with this to see where 
it  leads.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Jan 7, 2016, at 10:36 , Collins, John H  wrote:
> 
> Hi; we’re installing a new NAC for our guest wireless network, and we’re 
> trying to get a test instance of packetfence up and running. We have it 
> installed on a virtual machine; and we can reach the web GUI, but we cannot 
> get the captive portal working. Here’s the IPs we’re using;
> Management: 10.9.246.31/24
> Captive Portal: 10.9.247.100/24
> Guest network: 10.169.0.0/21
> Our hope is that the guests would connect to their Guest SSID, be redirected 
> to the captive portal to authenticate, then, after successfully 
> authenticating, they’d be able  to reach the internet.
> Right now, guests are able to connect to their SSID, and they get a validIP. 
> Then, when they try to go to google or any site, they are redirected to an 
> error page with the message ”ERR_Connection_closed; ‘The webpage at 
> https://10.9.247.100/?switch_url=https://1.1.1.1/login.html_mac=a0:a8:cd:2a:89:fb=Telecom-Test=google.com/
>  
> 
>  might be temporarily down or it may have moved permanently to a new web 
> address.’” (on chrome)
> I am not experienced with Linux, and am at a loss of what to do. Do any of 
> you have any ideas?
>  
> Regards, 
>  
> -John Collins-
>  
>  
>  
> ---
> John Collins | IT Analyst
>  
>  
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help

[Raphael Brasil]

Hello.
I am new to Linux and am testing the Packet Fence.
I'm having trouble in In registration of users from the e-mail.
How do I use an existing server (Gmail, Outlook)?
Some tutorial?

 "A Vida é Um Jogo, Se Você Não Pode Vencer Não Jogue!"
Skype: rbrasilfagundesCelular: (22) 99705-1106Outlook: 
raphaelbf@outlook.comHotmail: darksom_recreio@hotmail.comGmail: 
zecarb...@gmail.com--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users