Re: [PacketFence-users] DHCP issues on registration network both 11.2 & 12.0

[Serhiy Morhun via PacketFence-users]

Hello,
It has been a year since my initial post and I have upgraded PF multiple
times and currently using th elatest 13.0.0 but the same DHCP issue
remains. I'm forced to run a separate server for DHCP on the registration
network as a workaround.
Giacinto has confirmed the same issue last time. How do we get this bug
onto developers' radar?



Serhiy Morhun

Manager of IT

Ridgewood Public Schools

201-670-2700 ext. 10507

www.ridgewood.k12.nj.us


On Mon, Oct 17, 2022 at 1:17 PM Giacinto Caretto via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

>
>
> Good morning,
>
> same problem, and it seemed strange to me that until now no one else had
> reported it  .
>
> Some more info:
>
>- The problem seems to have appeared in the change of version from
>11.1 to 11.2. I don't know if it can hit something but in the jump between
>version 10.3 and 11 I also changed operating system from centos7 to debian.
>In the jump from version 11.1 to 11.2x I saw that there was some small
>change in the executable that manages the dhcp service
>
> https://fossies.org/diffs/packetfence/11.1.0_vs_11.2.0/go/cmd/pfdhcp/main.go-diff.html
>- The problem seems to appear when PF tries to use the first address
>of the pool, which it generates is XXX.XXX.XXX.10. In the Serhiy log we
>read the IP 192.168.32.10, while in my logs I read 10.0.5.10 because I use
>the 10.0.5.0/24 network. This does not happen after restarting the
>service. Does one of the changes of the executable between versions 11.1
>and 11.2 concern the management of the first address to be released?
>- the problem is very subtle because it does not appear immediately
>after the service starts and when the system enters this loop if I restart
>the dhcp service everything returns to work
>- I have 3 locations with standalone  installations, all with 11.2 and
>in all three I have the same problem.
>- For now we are proceeding with some workrounds such as periodic
>restarts of the dhcp service through the cron or on other locations by
>regenerating the arp table more frequently (lowering the value of
>neigh.default.gc_thresh from 128 to 64  ☹)
>
> I hope I have added some useful details to the solution.
>
> thanks and bye
>
>
>
> Giacinto Caretto
>
>
>
> */*/*/*/*/*/*/*/*/*/*/*/*/*/*/
>
> Giacinto Caretto.
>
> TERIN-ICT-RETE
>
> giacinto.care...@enea.it
>
> ENEA - CR Brindisi
>
> */*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
>
>
>
> --
>
> Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle
> persone indicate e la casella di posta elettron ica da cui è stata inviata
> è da qualificarsi quale strumento aziendale.
>
> La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza
> di queste informazioni sono rigorosamente viet ate (art. 616 c.p, D.Lgs. n.
> 196/2003 s.m.i. e GDPR Regolamento - UE 2016/679).
>
> Qualora abbiate ricevuto questo documento per errore siete cortesemente
> pregati di darne immediata comunicazione al mit tente e di provvedere alla
> sua distruzione. Grazie.
>
> This e-mail and any attachments is confidential and may contain privileged
> information intended for the addressee(s) on ly.
>
> Dissemination, copying, printing or use by anybody else is unauthorised
> (art. 616 c.p, D.Lgs. n. 196/2003 and subsequen t amendments and GDPR UE
> 2016/679).
>
> If you are not the intended recipient, please delete this message and any
> attachments and advise the sender by return e -mail. Thanks.
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>

-- 


*---***

*THE INFORMATION CONTAINED IN THIS MESSAGE (E-MAIL AND ANY ATTACHMENTS) IS 
INTENDED ONLY FOR THE INDIVIDUAL AND CONFIDENTIAL USE OF THE DESIGNATED 
RECIPIENT(S).*

If any reader of this message is not an intended recipient 
or any agent responsible for delivering it to an intended recipient, you 
are hereby notified that you have received this document in error, and that 
any review, dissemination, distribution, copying or other use of this 
message is prohibited.  If you have received this message in error, please 
notify us immediately by reply e-mail message or by telephone and delete 
the original message from your e-mail system and/or computer database.  
Thank you.

*---*

**NOTICE**:

*You are advised that e-mail correspondence and attachments 
between the public and the Ridgewood Board of Education are obtainable by 
any person who files a request under the NJ Open Public Records Act (OPRA) 
unless it is subject to a specific OPRA exception.  You should have no 
expectation that the content of e-mails sent to or from 

Re: [PacketFence-users] DHCP issues on registration network both 11.2 & 12.0

[Fabrice Durand via PacketFence-users]

Hello,
i was able to replicate and push a patch in the maintenance 12.0 to fix the
mysql pool backend.
https://github.com/inverse-inc/packetfence/commit/f4685bd3318cb2282a36654b7cdb3daa3583c3c3
https://github.com/inverse-inc/packetfence/commit/4e9ae1c39b7a33b0859fe3a7a93c9552c6e969c7

The maintenance should be available tomorrow.
Regards
Fabrice

Le jeu. 10 nov. 2022 à 05:02, Giacinto Caretto via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Hello, any suggestions?
>
> If it is useful I have the dhcp logs in debug mode.
>
> Thank you
>
> GC
>
>
>
> */*/*/*/*/*/*/*/*/*/*/*/*/*/*/
>
> Giacinto Caretto.
>
> TERIN-ICT-RETE
>
> giacinto.care...@enea.it
>
> ENEA - CR Brindisi
>
> */*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
>
>
>
> --
>
> Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle
> persone indicate e la casella di posta elettron ica da cui è stata inviata
> è da qualificarsi quale strumento aziendale.
>
> La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza
> di queste informazioni sono rigorosamente viet ate (art. 616 c.p, D.Lgs. n.
> 196/2003 s.m.i. e GDPR Regolamento - UE 2016/679).
>
> Qualora abbiate ricevuto questo documento per errore siete cortesemente
> pregati di darne immediata comunicazione al mit tente e di provvedere alla
> sua distruzione. Grazie.
>
> This e-mail and any attachments is confidential and may contain privileged
> information intended for the addressee(s) on ly.
>
> Dissemination, copying, printing or use by anybody else is unauthorised
> (art. 616 c.p, D.Lgs. n. 196/2003 and subsequen t amendments and GDPR UE
> 2016/679).
>
> If you are not the intended recipient, please delete this message and any
> attachments and advise the sender by return e -mail. Thanks.
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on layer 3 network non functional

[Durand fabrice via PacketFence-users]

Hello Adam,

can you provides the pf.conf and networks.conf file ?

Regards

Fabrice


Le 20-10-28 à 10 h 15, Franklin, Adam via PacketFence-users a écrit :


Hi

Version 10.2.0

None of my clients can pick up an IP address from DHCP from one of the 
Inline Layer 3 networks I have setup on PacketFence. I’ve setup 
several of these servers before exactly the same way and its always 
worked first time, now I can’t get this to work. I’ve rebuilt the 
server twice and still no joy.


DHCP Log:

Oct 28 14:08:51 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:51+ 
lvl=eror msg="Error while creating statsd client: write udp 
[::1]:41262->[::1]:8125: write: connection refused" pid=1746


Oct 28 14:08:52 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:52+ 
lvl=eror msg="Error while creating statsd client: write udp 
[::1]:51735->[::1]:8125: write: connection refused" pid=1746


Oct 28 14:08:53 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:53+ 
lvl=eror msg="Error while creating statsd client: write udp 
[::1]:50606->[::1]:8125: write: connection refused" pid=1746


Oct 28 14:08:54 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:54+ 
lvl=eror msg="Error while creating statsd client: write udp 
[::1]:40669->[::1]:8125: write: connection refused" pid=1746


Oct 28 14:08:55 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:55+ 
lvl=eror msg="Error while creating statsd client: write udp 
[::1]:47354->[::1]:8125: write: connection refused" pid=1746


DHCP Listener Log:

Oct 28 14:11:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: 
[mac:unknown] DHCPREQUEST from c0:e8:62:16:f2:f2 (10.39.89.176) with 
lease of 7776000 seconds (pf::dhcp::processor_v4::parse_dhcp_request)


Oct 28 14:11:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: 
[mac:unknown] The listener process is NOT on the same server as the 
DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)


Oct 28 14:12:00 vs-ncl-pf pfdhcplistener: pfqueue(1864) INFO: 
[mac:unknown] DHCPREQUEST from 76:f9:23:c0:f8:b5 (10.39.89.7) 
(pf::dhcp::processor_v4::parse_dhcp_request)


Oct 28 14:12:00 vs-ncl-pf pfdhcplistener: pfqueue(1864) INFO: 
[mac:unknown] The listener process is NOT on the same server as the 
DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)


Oct 28 14:12:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: 
[mac:unknown] DHCPREQUEST from c0:e8:62:16:f2:f2 (10.39.89.176) with 
lease of 7776000 seconds (pf::dhcp::processor_v4::parse_dhcp_request)


Oct 28 14:12:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: 
[mac:unknown] The listener process is NOT on the same server as the 
DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)


Thanks

Adam

This message may contain confidential information and is intended only 
for the individual(s) named. If you are not the named addressee you 
should not disseminate, distribute, print or copy this e-mail. Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system. E-mail 
transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive 
late or incomplete, or contain viruses. The sender therefore does not 
accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. Please note 
that any views or opinions presented in this e-mail are solely those 
of the author and do not necessarily represent those of NCG. Finally, 
the recipient should check this e-mail and any attachments for the 
presence of viruses. Although this e-mail and its attachments are 
believed to be free of any virus or other defects, which might affect 
any computer or IT system into which they are received, no 
responsibility is accepted by NCG or any of its associated companies 
for any loss or damage arising in any way from the receipt or use thereof.


NCG Corporation is incorporated under the Further and Higher Education 
Act for the provision of education to students, its trading divisions 
are Newcastle College, Newcastle Sixth Form College, West Lancashire 
College, Kidderminster College, Carlisle College, Lewisham and 
Southwark and its registered office is at Rye Hill House, Scotswood 
Road, Newcastle upon Tyne, NE4 7SA.




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on layer 3 network non functional

[Ludovic Zammit via PacketFence-users]

Hello Adam,

Are you using brocade switches on layer3 sites?

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Oct 28, 2020, at 10:15 AM, Franklin, Adam via PacketFence-users 
>  wrote:
> 
> Hi
>  
> Version 10.2.0
>  
> None of my clients can pick up an IP address from DHCP from one of the Inline 
> Layer 3 networks I have setup on PacketFence. I’ve setup several of these 
> servers before exactly the same way and its always worked first time, now I 
> can’t get this to work. I’ve rebuilt the server twice and still no joy.
>  
> DHCP Log:
>  
> Oct 28 14:08:51 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:51+ lvl=eror 
> msg="Error while creating statsd client: write udp [::1]:41262->[::1]:8125: 
> write: connection refused" pid=1746
> Oct 28 14:08:52 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:52+ lvl=eror 
> msg="Error while creating statsd client: write udp [::1]:51735->[::1]:8125: 
> write: connection refused" pid=1746
> Oct 28 14:08:53 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:53+ lvl=eror 
> msg="Error while creating statsd client: write udp [::1]:50606->[::1]:8125: 
> write: connection refused" pid=1746
> Oct 28 14:08:54 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:54+ lvl=eror 
> msg="Error while creating statsd client: write udp [::1]:40669->[::1]:8125: 
> write: connection refused" pid=1746
> Oct 28 14:08:55 vs-ncl-pf pfdhcp[1746]: t=2020-10-28T14:08:55+ lvl=eror 
> msg="Error while creating statsd client: write udp [::1]:47354->[::1]:8125: 
> write: connection refused" pid=1746
>  
> DHCP Listener Log:
>  
> Oct 28 14:11:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: [mac:unknown] 
> DHCPREQUEST from c0:e8:62:16:f2:f2 (10.39.89.176) with lease of 7776000 
> seconds (pf::dhcp::processor_v4::parse_dhcp_request)
> Oct 28 14:11:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: [mac:unknown] 
> The listener process is NOT on the same server as the DHCP server. 
> (pf::dhcp::processor_v4::pf_is_dhcp)
> Oct 28 14:12:00 vs-ncl-pf pfdhcplistener: pfqueue(1864) INFO: [mac:unknown] 
> DHCPREQUEST from 76:f9:23:c0:f8:b5 (10.39.89.7) 
> (pf::dhcp::processor_v4::parse_dhcp_request)
> Oct 28 14:12:00 vs-ncl-pf pfdhcplistener: pfqueue(1864) INFO: [mac:unknown] 
> The listener process is NOT on the same server as the DHCP server. 
> (pf::dhcp::processor_v4::pf_is_dhcp)
> Oct 28 14:12:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: [mac:unknown] 
> DHCPREQUEST from c0:e8:62:16:f2:f2 (10.39.89.176) with lease of 7776000 
> seconds (pf::dhcp::processor_v4::parse_dhcp_request)
> Oct 28 14:12:53 vs-ncl-pf pfdhcplistener: pfqueue(1859) INFO: [mac:unknown] 
> The listener process is NOT on the same server as the DHCP server. 
> (pf::dhcp::processor_v4::pf_is_dhcp)
>  
> Thanks 
>  
> Adam
>  
> This message may contain confidential information and is intended only for 
> the individual(s) named. If you are not the named addressee you should not 
> disseminate, distribute, print or copy this e-mail. Please notify the sender 
> immediately by e-mail if you have received this e-mail by mistake and delete 
> this e-mail from your system. E-mail transmission cannot be guaranteed to be 
> secure or error-free as information could be intercepted, corrupted, lost, 
> destroyed, arrive late or incomplete, or contain viruses. The sender 
> therefore does not accept liability for any errors or omissions in the 
> contents of this message, which arise as a result of e-mail transmission. 
> Please note that any views or opinions presented in this e-mail are solely 
> those of the author and do not necessarily represent those of NCG. Finally, 
> the recipient should check this e-mail and any attachments for the presence 
> of viruses. Although this e-mail and its attachments are believed to be free 
> of any virus or other defects, which might affect any computer or IT system 
> into which they are received, no responsibility is accepted by NCG or any of 
> its associated companies for any loss or damage arising in any way from the 
> receipt or use thereof.
> 
>  
> NCG Corporation is incorporated under the Further and Higher Education Act 
> for the provision of education to students, its trading divisions are 
> Newcastle College, Newcastle Sixth Form College, West Lancashire College, 
> Kidderminster College, Carlisle College, Lewisham and Southwark and its 
> registered office is at Rye Hill House, Scotswood Road, Newcastle upon Tyne, 
> NE4 7SA.
> 
>   ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 

Re: [PacketFence-users] DHCP OPTION 43 filter for Cisco Lightweight AP

[Tomasz Karczewski via PacketFence-users]

Hi Fabrice,

 

Ill capture and send it to you.

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 

From: Durand fabrice via PacketFence-users 
 
Sent: Wednesday, July 29, 2020 4:56 AM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice 
Subject: Re: [PacketFence-users] DHCP OPTION 43 filter for Cisco Lightweight AP

 

can you provide a pcap file of the dhcp traffic with this option inside ?

Le 20-07-28 à 05 h 38, Tomasz Karczewski via PacketFence-users a écrit :

HI,

 

Do you know how to create response on PF10 DHCP filters for Cisco AP similiar 
to  
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html#anc13
 ??

 

Tomasz Karczewski

Administrator Sieci

 



 

tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> 

http://www.man.olsztyn.pl  http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

 

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie

 






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 
<mailto:PacketFence-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP OPTION 43 filter for Cisco Lightweight AP

[Durand fabrice via PacketFence-users]

can you provide a pcap file of the dhcp traffic with this option inside ?

Le 20-07-28 à 05 h 38, Tomasz Karczewski via PacketFence-users a écrit :


HI,

Do you know how to create response on PF10 DHCP filters for Cisco AP 
similiar to 
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html#anc13 
??


Tomasz Karczewski

Administrator Sieci

tkarczew...@man.olsztyn.pl

http://www.man.olsztyn.pl http://www.uwm.edu.pl

tel. (89) 523 45 55  fax. (89) 523 43 47

Ośrodek Eksploatacji i Zarządzania

Miejską Siecią Komputerową OLMAN w Olsztynie

Uniwersytet Warmińsko-Mazurski w Olsztynie



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcp assignment - client not recived

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 2019-08-14 11:16 a.m., Casagrande Roberto, SEDE CENTRALE - GUBBIO, 
Colacem S.p.A. via PacketFence-users wrote:

I need help for dhcp assignment to client device.

The switch where the client is connect work fine, assign a correct vlan 
that I want; but the server PF not release an ip into this vlan.


Is your device and PacketFence server on the same layer 2 network ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP External - How configure PacketFence

[Durand fabrice via PacketFence-users]

Hello Lucas,

you probably need to have an interface of the dhcp server in the inline 
network.


Or you can probably install a dhcp relay on the pf box.

Regards

Fabrice


Le 19-06-28 à 09 h 06, Lucas Soares via PacketFence-users a écrit :


Hello guys,

Need help.  How can i configure packetfence work with external dhcp 
server?


I disabled the service and unselected the dhcp in the inline 
interface, but did not work


Anyone knows how can i do?

Thanks
*Lucas Soares do Nascimento
*



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Errors on Packetfence and Debian 9

[Thomas OLIVIER via PacketFence-users]

Hello,

Replied too quickly, sorry issue is still in the log.

md5sum pfdhcp 362161152b157c42c6420c20461aec8d
-rwxr-xr-x 1 pf pf 8997584 mai   24 11:12 pfdhcp


May 27 14:54:07 portailtest pfdhcp[130632]: recovered from runtime 
error: invalid memory address or nil pointer dereference
May 27 14:54:07 portailtest pfdhcp[130632]: runtime.errorString runtime 
error: invalid memory address or nil pointer dereference
May 27 14:54:07 portailtest pfdhcp[130632]: 
/usr/local/go/src/runtime/panic.go:82 (0x441d61)
May 27 14:54:07 portailtest pfdhcp[130632]: 
/usr/local/go/src/runtime/panic.go:81 (0x441b90)
May 27 14:54:07 portailtest pfdhcp[130632]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.XjRmlKqqvo/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:311 
(0x7d2835)
May 27 14:54:07 portailtest pfdhcp[130632]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.XjRmlKqqvo/src/github.com/inverse-inc/packetfence/go/dhcp/workers_pool.go:22 
(0x7e09ab)
May 27 14:54:07 portailtest pfdhcp[130632]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.XjRmlKqqvo/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:128 
(0x7e1a08)
May 27 14:54:07 portailtest pfdhcp[130632]: 
/usr/local/go/src/runtime/asm_amd64.s:1337 (0x459551)

May 27 14:54:07 portailtest pfdhcp[130632]: (dhcp4.Options) (len=7) {
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionParameterRequestList: ([]uint8) (len=11 cap=41) {
May 27 14:54:07 portailtest pfdhcp[130632]:     01 0f 03 06 2c 
2e 2f 1f  21 f9 2b |,./.!.+|

May 27 14:54:07 portailtest pfdhcp[130632]:  },
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionVendorSpecificInformation: ([]uint8) (len=2 cap=28) {
May 27 14:54:07 portailtest pfdhcp[130632]:     dc 
00 |..|

May 27 14:54:07 portailtest pfdhcp[130632]:  },
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionClientIdentifier: ([]uint8) (len=7 cap=72) {
May 27 14:54:07 portailtest pfdhcp[130632]:     01 00 90 4b 6a 
5c 39  |...Kj\9|

May 27 14:54:07 portailtest pfdhcp[130632]:  },
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionHostName: ([]uint8) (len=10 cap=63) {
May 27 14:54:07 portailtest pfdhcp[130632]:     74 68 6f 6d 61 
73 70 6f  72 74    |thomasport|

May 27 14:54:07 portailtest pfdhcp[130632]:  },
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionVendorClassIdentifier: ([]uint8) (len=8 cap=51) {
May 27 14:54:07 portailtest pfdhcp[130632]:     4d 53 46 54 20 
35 2e 30   |MSFT 5.0|

May 27 14:54:07 portailtest pfdhcp[130632]:  },
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionDHCPMessageType: ([]uint8) (len=1 cap=78) {
May 27 14:54:07 portailtest pfdhcp[130632]:    
01    |.|

May 27 14:54:07 portailtest pfdhcp[130632]:  },
May 27 14:54:07 portailtest pfdhcp[130632]:  (dhcp4.OptionCode) 
OptionCode(116): ([]uint8) (len=1 cap=75) {
May 27 14:54:07 portailtest pfdhcp[130632]:    
01    |.|

May 27 14:54:07 portailtest pfdhcp[130632]:  }
May 27 14:54:07 portailtest pfdhcp[130632]: }
May 27 14:54:07 portailtest pfdhcp: recovered from  runtime error: 
invalid memory address or nil pointer dereference
May 27 14:54:07 portailtest pfdhcp: runtime.errorString runtime error: 
invalid memory address or nil pointer dereference
May 27 14:54:07 portailtest pfdhcp: 
/usr/local/go/src/runtime/panic.go:82 (0x441d61)
May 27 14:54:07 portailtest pfdhcp: 
/usr/local/go/src/runtime/panic.go:81 (0x441b90)
May 27 14:54:07 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.XjRmlKqqvo/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:311 
(0x7d2835)
May 27 14:54:07 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.XjRmlKqqvo/src/github.com/inverse-inc/packetfence/go/dhcp/workers_pool.go:22 
(0x7e09ab)
May 27 14:54:07 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.XjRmlKqqvo/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:128 
(0x7e1a08)
May 27 14:54:07 portailtest pfdhcp: 
/usr/local/go/src/runtime/asm_amd64.s:1337 (0x459551)

May 27 14:54:07 portailtest pfdhcp: (dhcp4.Options) (len=7) {
May 27 14:54:07 portailtest pfdhcp: (dhcp4.OptionCode) 
OptionParameterRequestList: ([]uint8) (len=11 cap=41) {
May 27 14:54:07 portailtest pfdhcp:    01 0f 03 06 2c 2e 2f 1f  
21 f9 2b |,./.!.+|

May 27 14:54:07 portailtest pfdhcp: },
May 27 14:54:07 portailtest pfdhcp: (dhcp4.OptionCode) 
OptionVendorSpecificInformation: ([]uint8) (len=2 cap=28) {
May 27 14:54:07 portailtest pfdhcp:    dc 
00 |..|

May 27 14:54:07 portailtest pfdhcp: },
May 27 14:54:07 portailtest pfdhcp: (dhcp4.OptionCode) 
OptionClientIdentifier: ([]uint8) (len=7 cap=72) {
May 27 

Re: [PacketFence-users] DHCP Errors on Packetfence and Debian 9

[Thomas OLIVIER via PacketFence-users]

Hello,

Patch applied. It seems to be ok.

Thank's Fabrice !


Thomas.

On 23/05/2019 17:42, Fabrice Durand via PacketFence-users wrote:


Hello Thomas,

i see what is the issue.

i will patch it and the new binary will be available tomorrow from the 
maintenance (pf-maint.pl).


Regards

Fabrice


Le 19-05-23 à 09 h 51, Thomas OLIVIER via PacketFence-users a écrit :


Hi All,

I've got an issue on my PacketFence fresh install on Debian9. All 
works fine but when my computer try a DHCPDISCOVER PF crash with that 
errors.


I didn't remember about that error with the "first" dev packages 
released a few days ago



Thank's

Thomas.


May 23 15:07:55 portailtest auth[1]: (4775) Login OK: [00-90-4b-6a-5c-39] 
(from client 192.168.24.8 port 13 cli 00:90:4b:6a:5c:39)
==> logs/packetfence.log <==
May 23 15:07:55 portailtest pfdhcp[14886]: recovered from  runtime error: 
invalid memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp[14886]: runtime.errorString runtime error: 
invalid memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp[14886]: 
/usr/local/go/src/runtime/panic.go:82 (0x441d61)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/usr/local/go/src/runtime/panic.go:81 (0x441b90)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:311
 (0x7d2835)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/workers_pool.go:22
 (0x7e09ab)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:128
 (0x7e1a08)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/usr/local/go/src/runtime/asm_amd64.s:1337 (0x459551)
May 23 15:07:55 portailtest pfdhcp[14886]: (dhcp4.Options) (len=8) {
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionDHCPMessageType: ([]uint8) (len=1 cap=78) {
May 23 15:07:55 portailtest pfdhcp[14886]:     01   
 |.|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionClientIdentifier: ([]uint8) (len=7 cap=72) {
May 23 15:07:55 portailtest pfdhcp[14886]:     01 00 90 4b 6a 5c 39 
 |...Kj\9|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionRequestedIPAddress: ([]uint8) (len=4 cap=63) {
May 23 15:07:55 portailtest pfdhcp[14886]:     a9 fe 96 2d  
 |...-|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionVendorClassIdentifier: ([]uint8) (len=8 cap=45) {
May 23 15:07:55 portailtest pfdhcp[14886]:     4d 53 46 54 20 35 2e 30  
 |MSFT 5.0|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionParameterRequestList: ([]uint8) (len=11 cap=35) {
May 23 15:07:55 portailtest pfdhcp[14886]:     01 0f 03 06 2c 2e 2f 1f  
21 f9 2b |,./.!.+|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) OptionCode(116): 
([]uint8) (len=1 cap=75) {
May 23 15:07:56 portailtest pfdhcp[14886]:     01   
 |.|
May 23 15:07:56 portailtest pfdhcp[14886]:  },
May 23 15:07:56 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) OptionHostName: 
([]uint8) (len=10 cap=57) {
May 23 15:07:56 portailtest pfdhcp[14886]:     74 68 6f 6d 61 73 70 6f  
72 74    |thomasport|
May 23 15:07:56 portailtest pfdhcp[14886]:  },
May 23 15:07:56 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionVendorSpecificInformation: ([]uint8) (len=2 cap=22) {
May 23 15:07:56 portailtest pfdhcp[14886]:     dc 00
 |..|
May 23 15:07:56 portailtest pfdhcp[14886]:  }
May 23 15:07:56 portailtest pfdhcp[14886]: }
May 23 15:07:55 portailtest pfdhcp: recovered from  runtime error: invalid 
memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp: runtime.errorString runtime error: invalid 
memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp: /usr/local/go/src/runtime/panic.go:82 
(0x441d61)
May 23 15:07:55 portailtest pfdhcp: /usr/local/go/src/runtime/panic.go:81 
(0x441b90)
May 23 15:07:55 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:311
 (0x7d2835)
May 23 15:07:55 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/workers_pool.go:22
 (0x7e09ab)
May 23 15:07:55 portailtest pfdhcp: 

Re: [PacketFence-users] DHCP Errors on Packetfence and Debian 9

[Fabrice Durand via PacketFence-users]

Hello Thomas,

i see what is the issue.

i will patch it and the new binary will be available tomorrow from the 
maintenance (pf-maint.pl).


Regards

Fabrice


Le 19-05-23 à 09 h 51, Thomas OLIVIER via PacketFence-users a écrit :


Hi All,

I've got an issue on my PacketFence fresh install on Debian9. All 
works fine but when my computer try a DHCPDISCOVER PF crash with that 
errors.


I didn't remember about that error with the "first" dev packages 
released a few days ago



Thank's

Thomas.


May 23 15:07:55 portailtest auth[1]: (4775) Login OK: [00-90-4b-6a-5c-39] 
(from client 192.168.24.8 port 13 cli 00:90:4b:6a:5c:39)
==> logs/packetfence.log <==
May 23 15:07:55 portailtest pfdhcp[14886]: recovered from  runtime error: 
invalid memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp[14886]: runtime.errorString runtime error: 
invalid memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp[14886]: 
/usr/local/go/src/runtime/panic.go:82 (0x441d61)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/usr/local/go/src/runtime/panic.go:81 (0x441b90)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:311
 (0x7d2835)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/workers_pool.go:22
 (0x7e09ab)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:128
 (0x7e1a08)
May 23 15:07:55 portailtest pfdhcp[14886]: 
/usr/local/go/src/runtime/asm_amd64.s:1337 (0x459551)
May 23 15:07:55 portailtest pfdhcp[14886]: (dhcp4.Options) (len=8) {
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionDHCPMessageType: ([]uint8) (len=1 cap=78) {
May 23 15:07:55 portailtest pfdhcp[14886]:     01   
 |.|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionClientIdentifier: ([]uint8) (len=7 cap=72) {
May 23 15:07:55 portailtest pfdhcp[14886]:     01 00 90 4b 6a 5c 39 
 |...Kj\9|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionRequestedIPAddress: ([]uint8) (len=4 cap=63) {
May 23 15:07:55 portailtest pfdhcp[14886]:     a9 fe 96 2d  
 |...-|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionVendorClassIdentifier: ([]uint8) (len=8 cap=45) {
May 23 15:07:55 portailtest pfdhcp[14886]:     4d 53 46 54 20 35 2e 30  
 |MSFT 5.0|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionParameterRequestList: ([]uint8) (len=11 cap=35) {
May 23 15:07:55 portailtest pfdhcp[14886]:     01 0f 03 06 2c 2e 2f 1f  
21 f9 2b |,./.!.+|
May 23 15:07:55 portailtest pfdhcp[14886]:  },
May 23 15:07:55 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) OptionCode(116): 
([]uint8) (len=1 cap=75) {
May 23 15:07:56 portailtest pfdhcp[14886]:     01   
 |.|
May 23 15:07:56 portailtest pfdhcp[14886]:  },
May 23 15:07:56 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) OptionHostName: 
([]uint8) (len=10 cap=57) {
May 23 15:07:56 portailtest pfdhcp[14886]:     74 68 6f 6d 61 73 70 6f  
72 74    |thomasport|
May 23 15:07:56 portailtest pfdhcp[14886]:  },
May 23 15:07:56 portailtest pfdhcp[14886]:  (dhcp4.OptionCode) 
OptionVendorSpecificInformation: ([]uint8) (len=2 cap=22) {
May 23 15:07:56 portailtest pfdhcp[14886]:     dc 00
 |..|
May 23 15:07:56 portailtest pfdhcp[14886]:  }
May 23 15:07:56 portailtest pfdhcp[14886]: }
May 23 15:07:55 portailtest pfdhcp: recovered from  runtime error: invalid 
memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp: runtime.errorString runtime error: invalid 
memory address or nil pointer dereference
May 23 15:07:55 portailtest pfdhcp: /usr/local/go/src/runtime/panic.go:82 
(0x441d61)
May 23 15:07:55 portailtest pfdhcp: /usr/local/go/src/runtime/panic.go:81 
(0x441b90)
May 23 15:07:55 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:311
 (0x7d2835)
May 23 15:07:55 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/workers_pool.go:22
 (0x7e09ab)
May 23 15:07:55 portailtest pfdhcp: 
/tmp/buildd/packetfence-9.0.0/debian/tmp.TSwJUhhjgT/src/github.com/inverse-inc/packetfence/go/dhcp/main.go:128
 (0x7e1a08)
May 23 15:07:55 portailtest pfdhcp: 

Re: [PacketFence-users] DHCP Issues

[Seán Mac Lochlainn via PacketFence-users]

Hello Fabrice,


>can you try that:
>curl http://127.0.0.1:2/api/v1/dhcp/stats/eth0.3 | python -m json.tool
>and paste the result.


I ran the command and the outcome was

{
  “message”: “interface not found”
}

Well I assume this is a problem haha! Is there any steps I need to follow to 
solve this issue?


Also another question you may be able to help me with, when I plug a client 
into a switchport, the client doesn’t receive a Registration VLAN address and 
I’m unsure why. The DHCPLISTENER is listening on the sub-interfaces of the 
VLANs and there is pools created for the interfaces. I ran the  curl 
http://127.0.0.1:2/api/v1/dhcp/stats/eth0.3 | python -m json.tool command 
you gave me and changed the interface to the registration and the output of it 
is

{

  “category”: “none”,
  “free”: “237”,
  “interface”: “eth0.11”,
  “members”: “null”,
  “network”: “192.168.11.0/24”,
  “options”:{

“optionDomainName”: 
“vlan-registration.packetfence.org”,
“optionDomainNameServer”: “192.168.11.1”,
   “optionIPAddressLeaseTime”: “30s”,
   “optionRouter”: “192.168.11.1”,
   “optionSubnetMask”: “255.255.255.0”,
  },
  “percentfree”: 100,
  “percentused”: 0,
  “size”: 237,
  “status”: “Normal”,
  “used”: 0,

}



Do you know of anything else I can do to get the PacketFence DHCP to work for 
me?



Thank you for your help,
Sean





From: Fabrice Durand via PacketFence-users 

Sent: Friday, March 22, 2019 12:41:15 PM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] DHCP Issues


Hello Sean,

can you try that:

curl http://127.0.0.1:2/api/v1/dhcp/stats/eth0.3 | python -m json.tool

and paste the result.

Regards

Fabrice


Le 19-03-21 à 11 h 32, Seán Mac Lochlainn via PacketFence-users a écrit :

Hi Nicolas,

I created an external DHCP server in Windows Server and also added the DHCP 
server to the ‘Production DHCP servers’ list in the Admin Interface. The user 
will now go to VLAN 10 (Production) when authenticated. Using WireShark, I 
noticed that the external DHCP server I created now sends a DHCPOFFER to the 
client but there is no DHCPREQUEST from the client which I’m unsure why.

Is there any further configuration needed to integrate the external DHCP server 
into PacketFence or is it a configuration issue? I tried using ip 
helper-address on the switch but still receive the same issue



Any further help would be greatly appreciated



Regards,

Sean




From: Nicolas Quiniou-Briand via PacketFence-users 
<mailto:packetfence-users@lists.sourceforge.net>
Sent: Thursday, March 21, 2019 8:28:01 AM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Nicolas Quiniou-Briand
Subject: Re: [PacketFence-users] DHCP Issues

Hello,

On 2019-03-20 5:09 p.m., Seán Mac Lochlainn via PacketFence-users wrote:
> Hi Everyone,
>
> I’m a student and doing a project, creating a small lab with 802.1x
> authentication.
>
> I’m facing issues with the DHCP from PacketFence assigning the client an
> IP address. (Client doesn’t get an IP address on registration or
> isolation VLAN).
>
> I can successfully authenticate clients using PEAP but the client
> doesn’t receive a correct IP address of the VLAN it has been assigned
> to. Normally it will receive a 169.254.x.x IP address instead.

If your clients are correctly authenticate, they should not go in
registration or isolation networks. You should return another VLAN where
you have your own production or test DHCP server.
--
Nicolas Quiniou-Briand
n...@inverse.ca<mailto:n...@inverse.ca>  ::  +1.514.447.4918 *140  ::  
https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca<mailto:fdur...@inverse.ca> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Issues

[Nicolas Quiniou-Briand via PacketFence-users]

Hello Sean,

On 2019-03-21 4:32 p.m., Seán Mac Lochlainn wrote:
I created an external DHCP server in Windows Server and also added the 
DHCP server to the ‘Production DHCP servers’ list in the Admin 
Interface. The user will now go to VLAN 10 (Production) when 
authenticated. Using WireShark, I noticed that the external DHCP server 
I created now sends a DHCPOFFER to the client but there is no 
DHCPREQUEST from the client which I’m unsure why.


Is there any further configuration needed to integrate the external DHCP 
server into PacketFence or is it a configuration issue? 


No. Your device should be able to reach your DHCP server at layer 2 
(through broadcast). If your DHCP server is on a different layer 2 
network, you should use a DHCP relay on the VLAN interface of your VLAN 
10 to send DHCP requests to your DHCP server.


--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Issues

[Fabrice Durand via PacketFence-users]

Hello Sean,

can you try that:

curl http://127.0.0.1:2/api/v1/dhcp/stats/eth0.3 | python -m json.tool

and paste the result.

Regards

Fabrice


Le 19-03-21 à 11 h 32, Seán Mac Lochlainn via PacketFence-users a écrit :


Hi Nicolas,

I created an external DHCP server in Windows Server and also added the 
DHCP server to the ‘Production DHCP servers’ list in the Admin 
Interface. The user will now go to VLAN 10 (Production) when 
authenticated. Using WireShark, I noticed that the external DHCP 
server I created now sends a DHCPOFFER to the client but there is no 
DHCPREQUEST from the client which I’m unsure why.


Is there any further configuration needed to integrate the external 
DHCP server into PacketFence or is it a configuration issue? I tried 
using ip helper-address on the switch but still receive the same issue


Any further help would be greatly appreciated

Regards,

Sean


*From:* Nicolas Quiniou-Briand via PacketFence-users 


*Sent:* Thursday, March 21, 2019 8:28:01 AM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Nicolas Quiniou-Briand
*Subject:* Re: [PacketFence-users] DHCP Issues
Hello,

On 2019-03-20 5:09 p.m., Seán Mac Lochlainn via PacketFence-users wrote:
> Hi Everyone,
>
> I’m a student and doing a project, creating a small lab with 802.1x
> authentication.
>
> I’m facing issues with the DHCP from PacketFence assigning the 
client an

> IP address. (Client doesn’t get an IP address on registration or
> isolation VLAN).
>
> I can successfully authenticate clients using PEAP but the client
> doesn’t receive a correct IP address of the VLAN it has been assigned
> to. Normally it will receive a 169.254.x.x IP address instead.

If your clients are correctly authenticate, they should not go in
registration or isolation networks. You should return another VLAN where
you have your own production or test DHCP server.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Issues

[Seán Mac Lochlainn via PacketFence-users]

Hi Nicolas,

I created an external DHCP server in Windows Server and also added the DHCP 
server to the ‘Production DHCP servers’ list in the Admin Interface. The user 
will now go to VLAN 10 (Production) when authenticated. Using WireShark, I 
noticed that the external DHCP server I created now sends a DHCPOFFER to the 
client but there is no DHCPREQUEST from the client which I’m unsure why.

Is there any further configuration needed to integrate the external DHCP server 
into PacketFence or is it a configuration issue? I tried using ip 
helper-address on the switch but still receive the same issue



Any further help would be greatly appreciated



Regards,

Sean




From: Nicolas Quiniou-Briand via PacketFence-users 

Sent: Thursday, March 21, 2019 8:28:01 AM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand
Subject: Re: [PacketFence-users] DHCP Issues

Hello,

On 2019-03-20 5:09 p.m., Seán Mac Lochlainn via PacketFence-users wrote:
> Hi Everyone,
>
> I’m a student and doing a project, creating a small lab with 802.1x
> authentication.
>
> I’m facing issues with the DHCP from PacketFence assigning the client an
> IP address. (Client doesn’t get an IP address on registration or
> isolation VLAN).
>
> I can successfully authenticate clients using PEAP but the client
> doesn’t receive a correct IP address of the VLAN it has been assigned
> to. Normally it will receive a 169.254.x.x IP address instead.

If your clients are correctly authenticate, they should not go in
registration or isolation networks. You should return another VLAN where
you have your own production or test DHCP server.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Issues

[Nicolas Quiniou-Briand via PacketFence-users]

Hello,

On 2019-03-20 5:09 p.m., Seán Mac Lochlainn via PacketFence-users wrote:

Hi Everyone,

I’m a student and doing a project, creating a small lab with 802.1x 
authentication.


I’m facing issues with the DHCP from PacketFence assigning the client an 
IP address. (Client doesn’t get an IP address on registration or 
isolation VLAN).


I can successfully authenticate clients using PEAP but the client 
doesn’t receive a correct IP address of the VLAN it has been assigned 
to. Normally it will receive a 169.254.x.x IP address instead.


If your clients are correctly authenticate, they should not go in 
registration or isolation networks. You should return another VLAN where 
you have your own production or test DHCP server.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Option 43

[Durand fabrice via PacketFence-users]

Hello Thomas,

you can do this kind of configuration but via the pfdhcp api 
(https://github.com/inverse-inc/packetfence/tree/devel/go/dhcp).


Per example you can add this option 43 for a specific network.

Also there is a new feature that is not yet merged in PacketFence that 
will allow you to add options based on the device parameter (mac, dhcp, 
fingerprint, ...).


But to use it you will need to apply a patch and recompile the dhcp 
server. (not complicate, take a look at 
https://github.com/inverse-inc/packetfence/tree/devel/go )


The code if you want to try:

https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3784.diff

Regards

Fabrice


Le 19-01-22 à 16 h 08, Thomas, Gregory A via PacketFence-users a écrit :


All,

My campus is in the process replacing a mass of access points across 
campus. Some happen to be behind Packetfence. Those behind Packetfence 
are unable to connect to the control. As these are Cisco Aps, they are 
advising implementing option 43 on the DHCP server.


I am currently running 8.3.0 and have no idea on how to do this.

Any help?

Gregory A. Thomas

Student Life Support Specialist

University of Wisconsin-Parkside

thom...@uwp.edu 



262.595.2432



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcp domain-search option

[Fabrice Durand via PacketFence-users]

In PacketFence 8 there is a way to do it with the API.

cf: https://github.com/inverse-inc/packetfence/tree/devel/go/dhcp


Le 2018-09-28 à 12:58, mj via PacketFence-users a écrit :

For the archives:

we're still o 7.1, and the only way of doing that there, is by editing
* /usr/local/pf/lib/pf/services/manager/dhcpd.pm
near the line 177, and add the line there:

  option domain-search "domain.com";

Restart dhcpd, and voila.

It seems that from version 8 onwards, packetfence no longer uses isc 
dhcpd, so the procedure will be different. (if possible at all...?)


Best,
MJ

On 09/27/2018 11:40 AM, lists via PacketFence-users wrote:

Hi,

We would like to provide a dhcp domain-search option for our 
packetfence (7.1) inline clients.


The gui only allows for a dhcp ip range to be set.

Is it possible to provide a search option somewhere?

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcp domain-search option

[mj via PacketFence-users]

For the archives:

we're still o 7.1, and the only way of doing that there, is by editing
* /usr/local/pf/lib/pf/services/manager/dhcpd.pm
near the line 177, and add the line there:

  option domain-search "domain.com";

Restart dhcpd, and voila.

It seems that from version 8 onwards, packetfence no longer uses isc 
dhcpd, so the procedure will be different. (if possible at all...?)


Best,
MJ

On 09/27/2018 11:40 AM, lists via PacketFence-users wrote:

Hi,

We would like to provide a dhcp domain-search option for our packetfence 
(7.1) inline clients.


The gui only allows for a dhcp ip range to be set.

Is it possible to provide a search option somewhere?

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcp-listener "interface in every vlan"

[Durand fabrice via PacketFence-users]

Hello David,

did you enabled the radius accounting on the WLC ? because you can have 
the ip address of the device inside the accounting packet.


Regards

Fabrice



Le 2018-02-17 à 02:35, David Brustad via PacketFence-users a écrit :

Hello everyone,

-Cisco WLC 4400
-Production DHCP server served by Cisco Router
-Packetfence ZEN 7.4.0 VM eth0 management, eth1 vlans 119 (role_119) 
120 (registration) 121 (isolation)

-iphone with MAC 68:db:ca:05:5c:39

Ok so I have everything working for the most part:

iphone connects to test_ssid, and is served vlan 120 IP address via 
packetfence dhcp.

iphone is directed to portal when any web page is loaded
accept AUP -> login -> select role (vlan 119, or vlan 115) works fine, 
the vlan requested is assigned, and is reflected in the nodes page of 
packetfence, but the new destination IP address is not shown, simply 
the registration IP that the device was assigned from. The phone does 
receive its new ip address from Cisco router and can then browse the 
web like normal.


When I run tail -f /usr/local/pf/logs/pfdhcplistener.log I can see the 
phone get its address from packetfence in registration vlan 120, but 
when the new role is assigned to vlan 119, there is no activity from 
that vlan in the dhcplistener log.


Any ideas to troubleshoot dhcp listener would be amazing- thank you 
guys for such an awesome software package!


Thanks,
David


I can ping:

-from packetfence 10.10.119.15 to the router management interface / 
and back
-from packetfence10.10.119.15 to router dhcp interface 10.10.119.1 / 
and back



/etc/sysconfig/network-scripts/ifcfg-eth1.119

DEVICE=eth1.119
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
NM_CONTROLLED=no
IPADDR=10.10.119.15
NETMASK=255.255.255.0


/usr/local/pf/conf/pf.conf

# Comma-delimited list of DHCP servers.  Passthroughs are created to 
allow DHCP transactions from even "trapped" nodes.


dhcpservers=127.0.0.1,10.10.119.1

[interface eth1.119]
ip=10.10.119.15
type=dhcp-listener
mask=255.255.255.0
gateway=10.10.119.3


/usr/local/pf/logs/pfdhcplistener.log

Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3169) 
INFO: [mac:[undef]] DHCP detector on eth1.121 enabled (main::setup_global)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3169) 
INFO: [mac:[undef]] Reload configuration on eth1.121 
(main::reload_config)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3171) 
INFO: [mac:[undef]] DHCP detector on eth0 enabled (main::setup_global)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3171) 
INFO: [mac:[undef]] Reload configuration on eth0 (main::reload_config)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3170) 
INFO: [mac:[undef]] DHCP detector on eth1.120 enabled (main::setup_global)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3170) 
INFO: [mac:[undef]] Reload configuration on eth1.120 (main::reload_config)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3172) 
INFO: [mac:[undef]] DHCP detector on eth1.119 enabled (main::setup_global)


Feb 17 05:59:30 PacketFence-ZEN pfdhcplistener: pfdhcplistener(3172) 
INFO: [mac:[undef]] Reload configuration on eth1.119 (main::reload_config)



Feb 17 06:00:44 PacketFence-ZEN pfdhcplistener: pfqueue(3097) INFO: 
[mac:unknown] DHCPREQUEST from bc:b3:08:fb:a5:9d (10.10.120.20) 
(pf::dhcp::processor_v4::parse_dhcp_request)


Feb 17 06:00:44 PacketFence-ZEN pfdhcplistener: pfqueue(3100) INFO: 
[mac:unknown] DHCPACK from 10.10.120.9 (00:50:56:9e:bd:64) to host 
bc:b3:08:fb:a5:9d (10.10.120.20) for 30 seconds 
(pf::dhcp::processor_v4::parse_dhcp_ack)


Feb 17 06:00:44 PacketFence-ZEN pfdhcplistener: pfqueue(3100) INFO: 
[mac:unknown] The listener process is on the same server as the DHCP 
server. (pf::dhcp::processor_v4::pf_is_dhcp)


Feb 17 06:00:44 PacketFence-ZEN pfdhcplistener: pfqueue(3097) INFO: 
[mac:unknown] The listener process is on the same server as the DHCP 
server. (pf::dhcp::processor_v4::pf_is_dhcp)


Feb 17 06:01:22 PacketFence-ZEN pfdhcplistener: pfqueue(3101) INFO: 
[mac:unknown] DHCPREQUEST from 68:db:ca:05:5c:39 (10.10.119.120) with 
lease of 7776000 seconds (pf::dhcp::processor_v4::parse_dhcp_request)


Feb 17 06:01:22 PacketFence-ZEN pfdhcplistener: pfqueue(3101) INFO: 
[mac:unknown] The listener process is NOT on the same server as the 
DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)



Feb 17 06:01:26 PacketFence-ZEN pfdhcplistener: pfqueue(3101) INFO: 
[mac:unknown] DHCPREQUEST from 68:db:ca:05:5c:39 (10.10.120.15) 
(pf::dhcp::processor_v4::parse_dhcp_request)


Feb 17 06:01:26 PacketFence-ZEN pfdhcplistener: pfqueue(3101) INFO: 
[mac:unknown] The listener process is on the same server as the DHCP 
server. (pf::dhcp::processor_v4::pf_is_dhcp)


Feb 17 06:01:26 PacketFence-ZEN pfdhcplistener: pfqueue(3098) INFO: 
[mac:unknown] DHCPACK from 10.10.120.9 (00:50:56:9e:bd:64) to host 
68:db:ca:05:5c:39 (10.10.120.15) for 30 seconds 

Re: [PacketFence-users] DHCP service not listed

[Fabrice Durand via PacketFence-users]

Hello,

this is normal, the dhcp can run only on 2 off them.

Regards

Fabrice



Le 2017-11-17 à 14:35, Tobias Friede via PacketFence-users a écrit :
> Hi,
>
> I have the same problem, maybe that behavior is normal?
>
> My Cluster is a PF 7.2 Cluster. 
>
> Greetings
> Tobias
>
> 2017-11-17 16:34 GMT+01:00 Stephen Appleby via PacketFence-users
>  >:
>
> I've created a 3 node PF cluster. On one of the nodes DHCP is not
> listed as a service on the Status-Services page, and on the
> cluster status page that node's DHCP service status 
>
> show unknown. If I run 'pfcmd service pf restart' on that node it
> doesn't list the DHCP service either.
>
>
> Any idea as to what the problem might be?
>
>
>
> Stephen 
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 
>
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP service not listed

[Tobias Friede via PacketFence-users]

Hi,

I have the same problem, maybe that behavior is normal?

My Cluster is a PF 7.2 Cluster.

Greetings
Tobias

2017-11-17 16:34 GMT+01:00 Stephen Appleby via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> I've created a 3 node PF cluster. On one of the nodes DHCP is not listed
> as a service on the Status-Services page, and on the cluster status page
> that node's DHCP service status
>
> show unknown. If I run 'pfcmd service pf restart' on that node it doesn't
> list the DHCP service either.
>
>
> Any idea as to what the problem might be?
>
>
>
> Stephen
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP forwarding required?

[Jonathan Hornby via PacketFence-users]

Good day

I am trying to setup packetfence to act as a captive portal on a routed 
network. I have many different end user sites which all sit on my routed 
service provider network. I want to run the packetfence server centrally in 
conjunction with my Ruckus virtual SmartZone controller as the wireless and 
captive portal solution. 

My problem is that Packetfence seems to want DHCP requests either tunneled to 
itself, or forwards by means of a DHCP relay, so that Packetfence itself can be 
the DHCP server to all devices which will authenticate to it. I really need the 
DHCP function to remain on each respective local DHCP server at each site.

So my question is, is packetfence just wanting to know the MAC address related 
to each IP address for internal authentication purposes? Or does packet fence 
actually require itself to be the DHCP server? Should the former be true, how 
do I set it up to work this was without Packetfence acutally being the DHCP 
server?
OR, if the latter is true, then how can I set Packetfence DHCP server up to 
know which pool/gateway/DHCP options to offer based on the SSID which the 
device came through, as I need to offer devices the correct DHCP settings on 
their own subnet based on the site that they are at.

Please let me know if anything is unclear so that I can clarify.

Thank you
Jonathan


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP doesnt reply

[Fabrice Durand via PacketFence-users]

Hello Luís,

can you paste your networks.conf and pf.conf please ?

Regards

Fabrice



Le 2017-07-28 à 10:37, Luís Torres via PacketFence-users a écrit :
>
> Hello,
>
>  
>
> Im new to packetfence and Im trynig to put the captive portal
> working..., Im integrating with a Cisco WLC5500. 
>
> If I use a dhcp server , other then PF, works fine .., but with the pf
> dhcpd , I can see the requests to the server but it wont reply any IP.
>
>  
>
> Can you guys give me a help?
>
>  
>
> cheers
>
>  
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP doesnt reply

[Luís Torres via PacketFence-users]

 

My confs: 

networks.conf


[10.2.201.0]
domain-name=vlan-registration
gateway=10.2.201.254
dhcp_max_lease_time=30
named=enabled
type=vlan-registration
fake_mac_enabled=disabled
dhcp_end=10.2.201.30
netmask=255.255.255.0
dns=10.252.2.45
dhcp_default_lease_time=30
dhcp_start=10.2.201.10
nat_enabled=disabled
dhcpd=enabled


dhcpd.conf: 

# This file is manipulated on PacketFence's startup
before being given to dhcpd
authoritative;
ddns-update-style
none;
ignore client-updates;
log-facility local6; 

# Captive-Portal
DHCP option (RFC7710)
option captive-portal-rfc7710 code 160 = string;


# OMAPI for IP <-> MAC lookup
omapi-port 7911;
key pf_omapi_key {

algorithm HMAC-MD5;
 secret
"h2iCERAxGgdRkGK5S947zCSFwCFI8gRR+DRjbfkABg0=";
};
omapi-key
pf_omapi_key; 

subnet 10.2.201.0 netmask 255.255.255.0 {
 option
routers 10.2.201.254;
 option subnet-mask 255.255.255.0;
 option
domain-name "vlan-registration";
 option domain-name-servers
10.252.2.45;
 option captive-portal-rfc7710
"https://packetfence.packetfence.org;;
 range 10.2.201.10 10.2.201.30;

default-lease-time 30;
 max-lease-time 30;
} 

# parking feature
group
parking {
 default-lease-time 3600;
 max-lease-time 3600;
} 

Em
2017-07-28 15:37, Luís Torres via PacketFence-users escreveu: 

> Hello,

> 
> Im new to packetfence and Im trynig to put the captive portal
working..., Im integrating with a Cisco WLC5500. 
> 
> If I use a dhcp
server , other then PF, works fine .., but with the pf dhcpd , I can see
the requests to the server but it wont reply any IP. 
> 
> Can you guys
give me a help? 
> 
> cheers 
> 
>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
> 
>
___
> PacketFence-users
mailing list
> PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]




Links:
--
[1] http://sdm.link/slashdot
[2]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Jason 'XenoPhage' Frisvold]

On 7/11/16 15:22, Louis Munro wrote:
> Hi Jason,
> 
> As I am sure you know, it’s just an ISC dhcpd instance with some
> configuration files populated from the packetfence conf/networks.conf file.

Yup, I remember fondly..  :)

> Nothing prevents you from editing the templates used to generate the
> configuration (conf/dhcpd.conf) and adding subnets.

Cool, so it *should* work ...

> On the other hand, it’s putting all your eggs in that basket.
> But if you’re not afraid of a little configuration file, then go ahead,
> by all means.

Well, I figure if the packetfence server is broken, losing network
access isn't a horrible thing.  Bears thinking through, though.

> Be aware though that we are currently experimenting with using
> FreeRADIUS 3 as a dhcp server.
> It’s not set in stone yet, but we may replace ISC dhcpd in the future.
> FreeRADIUS is just more dynamic and would allow us to cut down on the
> number of services running.

I admit that I haven't kept up with FreeRADIUS in recent years, but a
DHCP server?  That seems an odd use...  But ok.  :)

> Regards
> --
> Louis Munro,

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly big it is. I mean, you may think it’s
a long way down the road to the chemist’s, but that’s just peanuts to
space.”
- The Hitchhikers Guide to the Galaxy



signature.asc
Description: OpenPGP digital signature
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Louis Munro]

> On Jul 12, 2016, at 1:58 AM, Felix Eckhofer  wrote:
> 
> Afaik Kea still does not support failover (and depending on network 
> topology, using a HA database backend can cause IP conflicts in a 
> split-brain situation).


That would be a concern.
We strive to make PacketFence more available, not less…

I guess we will have to look carefully at all the options.
What we want is a DHCP server that can dynamically be reconfigured and/or 
programmatically return different leases based on business logic for different 
MACs, and it has to be highly available (as much as reasonably possible).

--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Felix Eckhofer]

Hey.

Am 11.07.2016 23:45, schrieb Louis Munro:
> We have had a look at Kea, but it still seemed a little bit rough
> around the edges…

Afaik Kea still does not support failover (and depending on network 
topology, using a HA database backend can cause IP conflicts in a 
split-brain situation).


felix

--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Louis Munro]

> On Jul 11, 2016, at 5:48 PM, Matt Zagrabelny  wrote:
> 
> From what I understand, Facebook is using Kea in their datacenters.

Ack! Not the blue team! 
;-)

As long as they send their patches upstream that is actually good to know.

Perhaps it does deserve a second look.
It’s been a while since we tried it.

I’ll admit to being a little bit concerned about using a 1.0 release. 
Numbers being what they are these days, my concerns may be overblown.


Does anyone have any war stories of using it? 
Or alternatively, stories of how it saved the day?

--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Matt Zagrabelny]

On Mon, Jul 11, 2016 at 4:45 PM, Louis Munro  wrote:
>
>
> We have had a look at Kea, but it still seemed a little bit rough around the
> edges…
>
> Are you running it in production?
> We’d sure be interested in hearing from people who are actually running it
> in anger ;-)

From what I understand, Facebook is using Kea in their datacenters.

-m

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Louis Munro]

> On Jul 11, 2016, at 5:25 PM, Sallee, Jake  wrote:
> 
> I would second Kea as a DHCP server in PF.
> 
> I am developing a companion app for Kea (sh, it's a secret.  It's on 
> GitHub ... FOSDDI ... you totally didn't hear about it from me).
> 
> If PF was running Kea it would offer those of us  with larger infrastructures 
> another data source to monitor and keep that "single pane of glass" that our 
> non-technical users seem to go on and on about so much.
> 
> BTW: My little project is still getting off the ground so if you do look it 
> up, don't be too harsh.

I wouldn’t dream of it (being harsh, I mean).


We have had a look at Kea, but it still seemed a little bit rough around the 
edges…

Are you running it in production? 
We’d sure be interested in hearing from people who are actually running it in 
anger ;-)

--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Sallee, Jake]

I would second Kea as a DHCP server in PF.

I am developing a companion app for Kea (sh, it's a secret.  It's on GitHub 
... FOSDDI ... you totally didn't hear about it from me).

If PF was running Kea it would offer those of us  with larger infrastructures 
another data source to monitor and keep that "single pane of glass" that our 
non-technical users seem to go on and on about so much.

BTW: My little project is still getting off the ground so if you do look it up, 
don't be too harsh.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221


From: Charles Rumford <charl...@isc.upenn.edu>
Sent: Monday, July 11, 2016 3:16 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] DHCP

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


> Be aware though that we are currently experimenting with using FreeRADIUS 3
> as a dhcp server. It’s not set in stone yet, but we may replace ISC dhcpd
> in the future. FreeRADIUS is just more dynamic and would allow us to cut
> down on the number of services running.

Has there been any thought into ISC Kea to replace dhcpd?

- --
Charles Rumford
Senior Network Engineer
ISC Tech Services
University of Pennsylvania
OpenPGP Key ID: 0xF3D8215A
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXg/6hAAoJECRJ3HLnmw6ZrCsQAIIx0Vto5CXNaEB++uS7GLg5
eQkVzBHgd56Z/H5sct3aSItD5qMZcz+ld1d7KnSDwvLyR1FQsEj9BFNUA4yy7l4i
SGW7ZCPZYX1byeugJDf85IrQ9+DdJZ+AMHX6f9yK3Mfn7BLeJi3EquTzLlFl6wG8
0E6KPi+JVxewr3Lt3c7tt91MF7ajunnwBh4fm3ltegAteYLjH6dL2VkxNybZL4RX
6xy+nLu/sjdV47zdRl7o7f327uzgWClFNsMVA4O0F7fC7fblivJYeum6sI+GTVMt
ZRVq+hcLmjMvnheRE0pswWS38P8PJ/6mDftr1rWMO97YfPxRKNY1i0t2sposIfOM
UWcBI8ILRiGLE0xOXJ3VfQxEs0mHVwjx62t9To/e/Rgm1zgWqPc0G5VGkTjJ1/t6
mkQ1MBeMNEAePR6cFetJ8Noup70olQPyhm6Yk12XWra3zHWL99FaZj3XthuhURj3
55uTdFexQrSgAIx8L+KAGotlpnCwC56QzoCxb4KaXpdXF5dtSnZjdAdLw+5laV6X
ZjQYrZob3AJmJx9vyLYu2Tt2j8kdIBViaSiVV/YeIUJ1DfKDHhbcXR5Zww2/G6P4
zjddbeY00EeISRCsuKNr3BONot2hN3/1CkF+4KfH4CuJwI8KH0v5jovZ0mxH2CAv
F99OTYlAMHubSkCK6q4N
=9+/y
-END PGP SIGNATURE-

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Charles Rumford]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


> Be aware though that we are currently experimenting with using FreeRADIUS 3
> as a dhcp server. It’s not set in stone yet, but we may replace ISC dhcpd
> in the future. FreeRADIUS is just more dynamic and would allow us to cut
> down on the number of services running.

Has there been any thought into ISC Kea to replace dhcpd?

- -- 
Charles Rumford
Senior Network Engineer
ISC Tech Services
University of Pennsylvania
OpenPGP Key ID: 0xF3D8215A
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXg/6hAAoJECRJ3HLnmw6ZrCsQAIIx0Vto5CXNaEB++uS7GLg5
eQkVzBHgd56Z/H5sct3aSItD5qMZcz+ld1d7KnSDwvLyR1FQsEj9BFNUA4yy7l4i
SGW7ZCPZYX1byeugJDf85IrQ9+DdJZ+AMHX6f9yK3Mfn7BLeJi3EquTzLlFl6wG8
0E6KPi+JVxewr3Lt3c7tt91MF7ajunnwBh4fm3ltegAteYLjH6dL2VkxNybZL4RX
6xy+nLu/sjdV47zdRl7o7f327uzgWClFNsMVA4O0F7fC7fblivJYeum6sI+GTVMt
ZRVq+hcLmjMvnheRE0pswWS38P8PJ/6mDftr1rWMO97YfPxRKNY1i0t2sposIfOM
UWcBI8ILRiGLE0xOXJ3VfQxEs0mHVwjx62t9To/e/Rgm1zgWqPc0G5VGkTjJ1/t6
mkQ1MBeMNEAePR6cFetJ8Noup70olQPyhm6Yk12XWra3zHWL99FaZj3XthuhURj3
55uTdFexQrSgAIx8L+KAGotlpnCwC56QzoCxb4KaXpdXF5dtSnZjdAdLw+5laV6X
ZjQYrZob3AJmJx9vyLYu2Tt2j8kdIBViaSiVV/YeIUJ1DfKDHhbcXR5Zww2/G6P4
zjddbeY00EeISRCsuKNr3BONot2hN3/1CkF+4KfH4CuJwI8KH0v5jovZ0mxH2CAv
F99OTYlAMHubSkCK6q4N
=9+/y
-END PGP SIGNATURE-

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP

[Louis Munro]

> On Jul 11, 2016, at 2:13 PM, Jason 'XenoPhage' Frisvold 
>  wrote:
> 
> Hi all,
> 
>   I'm pretty sure I know the answer to this, but maybe it's worth asking
> anyway.  I'm away of the DHCP support (basically required) for devices
> in the initial captive VLAN.  But what about after a user/device has
> been assigned to the proper VLAN?  Can the DHCP server on Packetfence be
> used for this, or should I be looking elsewhere?
> 
>   Or maybe it's better in the long run to keep it separate anyway.  
> Thoughts?
> 


Hi Jason,

As I am sure you know, it’s just an ISC dhcpd instance with some configuration 
files populated from the packetfence conf/networks.conf file.

Nothing prevents you from editing the templates used to generate the 
configuration (conf/dhcpd.conf) and adding subnets.

On the other hand, it’s putting all your eggs in that basket.
But if you’re not afraid of a little configuration file, then go ahead, by all 
means.

Be aware though that we are currently experimenting with using FreeRADIUS 3 as 
a dhcp server.
It’s not set in stone yet, but we may replace ISC dhcpd in the future.
FreeRADIUS is just more dynamic and would allow us to cut down on the number of 
services running.

Regards
--
Louis Munro,
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP and authentication

[Ludovic Zammit]

Hello Sir,

1. Normally when you are sitting in the registration network and you try to do 
an authentication on the captive portal, PacketFence will send a CoA (Change of 
authorization) to the switch/equipment in order to switch the VLAN of the 
device. Most of the time it happen in Radius (CoA) but if the switch doesn’t 
support it, PacketFence tries to do just a shutdown and up on the port in order 
to regenerate the radius request to apply the new VLAN. In that case the device 
knows that he needs to redo the DHCP because the link is briefly cut. But when 
you use the CoA the device doesn’t know that the VLAN changed on the switch, 
the only option that you have is to put a short lease time on the registration 
network like PacketFence has a 30 secs lease time on the registration network 
by default. So every 30 secs your device ask for a new IP, if the VLAN changed, 
the device end up the production VLAN.

2. Basically PacketFence manages two VLANs the Registration and Isolation 
VLANs. Meaning he will be the DNS, Gateway and DHCP server in this VLAN. 
PacketFence will just return VLAN IDs to a switch or wireless controller, he 
doesn’t need to be part of your production having a network card in all those 
VLANs.

3. With 802.1x there is two types of authentication, User authentication and 
Computer authentication. With user authentication you will authenticate a user 
that belong to a specific domain. You can authenticate all the users you want 
on a computer with the User authentication mode, the process will verify if the 
user is in your Active directory and also if the password match. The Computer 
authentication is very similar but it’s the computer sending out the 
information as host/hostname.domain.name to PacketFence and PacketFence will 
try to authenticate this account in your AD. The particularity of both is that 
with computer authentication, your computer needs to be joined to only one 
domain (yours) and the other hand, the computer where you do the user 
authentication doesn’t need to be joined to the domain.

On both cases you will need to configure your 802.1x supplicant on the computer 
where you try to do the authentication.

Thanks and have a nice day!
Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 





> Le 16 mai 2016 à 16:38, TOURE Amidou Florian  a 
> écrit :
> 
> Hi all,I have installed Packetfence 6.0 on my computer and it seems to be 
> worked fine since I can authenticate a user,But I don't understand 3 points 
> on my configuration:
> -First when I plug a user on the switchport its put on the registration vlan 
> and I do the authentication but after the authentication the user mooves to 
> the correct vlan but doesn't get an IP from this vlan.When I do a second 
> authentication with the same user it gets an IP address from his vlan but 
> cannot access to the web captive portail(I think that it is my DNS 
> configuration).How can I do to authenticate the user directly and put it on 
> the correct vlan after the authentication?
> -Second on my packetfence when I want to configure DNS for my vlans I can do 
> it only for one vlan but I cannot use this configuration to do the resolution 
> for all the vlans.Can I use packetfence DNS configuration to do the 
> resolution of my of personnal vlans?I'm very confused on this point.
> -Third I remarked that on my Packetfence I cannot authenticate a user on the 
> same computer name.Would I create specifics account for all my users?I'm 
> using a Windows Server AD.
> Thanks
> Regards 
> Amidou 
> 
> 
> --
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

Re: [PacketFence-users] DHCP and radius not answering.

[Durand fabrice]

Ok so all the needed services are running.
Now what happen when you try to authenticate, do you still have the same 
issue ?


Also can you paste your networks.conf, and pf.conf (remove sensible info).

Fabrice


Le 2016-03-24 20:06, Blackman Anthony a écrit :

[root@pfptnyc ~]# ps -edfl|grep http.admin
0 S root  6891  6877  0  80   0 - 25826 pipe_w 20:01 pts/1
00:00:00 grep http.admin

[root@pfptnyc ~]# ps -edfl|grep dhcp
5 S root  6715  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6716  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6717  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6718  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6719  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6720  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6721  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6722  6707  0  80   0 - 140766 poll_s 19:54 ?   
00:00:00 pfqueue - Queue:pfdhcplistener
5 S root  6733 1  0  80   0 - 142320 poll_s 19:54 ?   
00:00:00 pfdhcplistener_eth1.480
5 S root  6739 1  0  80   0 - 142320 poll_s 19:54 ?   
00:00:00 pfdhcplistener_eth1.490
5 S root  6743 1  0  80   0 - 142321 poll_s 19:54 ?   
00:00:00 pfdhcplistener_eth1
5 S root  6759 1  0  80   0 - 22269 poll_s 19:55 ?
00:00:00 /usr/sbin/dhcpd -q -lf /usr/local/pf/var/dhcpd/dhcpd.leases 
-cf /usr/local/pf/var/conf/dhcpd.conf -pf 
/usr/local/pf/var/run/dhcpd.pid eth1.480 eth1.490
0 S root  6893  6877  0  80   0 - 25827 pipe_w 20:01 pts/1
00:00:00 grep dhcp

[root@pfptnyc ~]# service packetfence status
service|shouldBeStarted|pid
carbon-cache|1|6792
carbon-relay|1|6799
collectd|1|6802
dhcpd|1|6759
haproxy|0|0
httpd.aaa|1|6626
httpd.admin|1|6576
httpd.graphite|1|6829
httpd.portal|1|6746
httpd.proxy|0|0
httpd.webservices|1|6761
iptables|1|-1
keepalived|0|0
p0f|1|6785
pfbandwidthd|0|0
pfdetect||0
pfdhcplistener_eth1.480|1|6733
pfdhcplistener_eth1.490|1|6739
pfdhcplistener_eth1|1|6743
pfdns|1|6723
pfmon|1|6771
pfqueue|1|6707
pfsetvlan|0|0
radiusd-acct|1|
radiusd|1|6700
radsniff3|1|6826
redis_queue|1|6622
snmptrapd|0|0
snort|0|0
statsd|1|6817
suricata|0|0
[root@pfptnyc ~]#
[root@pfptnyc ~]# /usr/local/pf/bin/pfcmd service httpd.aaa restart
service|command
httpd.aaa|stop
httpd.admin|already started
Checking configuration sanity...
httpd.aaa|start
[root@pfptnyc ~]# /usr/local/pf/bin/pfcmd service dhcpd restart
service|command
dhcpd|stop
httpd.admin|already started
Checking configuration sanity...
dhcpd|start
[root@pfptnyc ~]#
[root@pfptnyc ~]#
[root@pfptnyc ~]#
Here it is.

Anthony


On Thursday, March 24, 2016 4:49 PM, Durand fabrice 
 wrote:



Hi Antony,

This:
[Thu Mar 24 19:33:40 2016] [notice] caught SIGTERM, shutting down
mean that the httpd.aaa is not running.

so do and paste the result:

ps -edf|grep httpd.admin
ps -edf|grep dhcpd
service packetfence status
/usr/local/pf/bin/pfcmd service httpd.aaa restart
/usr/local/pf/bin/pfcmd service dhcpd restart

and also paste the content of packetfence.log (not the full one) when 
you launch these command.



Fabrice


Le 2016-03-24 19:38, Blackman Anthony a écrit :
This is the only problem i  find. dhcp registration an isolation 
networks are defined.

httpd.aaa.error

[root@pfptnyc logs]# tail httpd.aaa.error
[Wed Mar 23 20:29:34 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Wed Mar 23 20:29:34 2016] [notice] Apache/2.2.15 (Unix) 
mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 
configured -- resuming normal operations
[Thu Mar 24 12:20:28 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 12:20:31 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 12:20:31 2016] [notice] Apache/2.2.15 (Unix) 
mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 
configured -- resuming normal operations

[Thu Mar 24 14:43:03 2016] [notice] caught SIGTERM, shutting down
[Thu Mar 24 14:43:54 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 14:43:57 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 14:43:57 2016] [notice] Apache/2.2.15 (Unix) 
mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 
configured -- resuming normal operations

[Thu Mar 24 19:33:40 2016] [notice] caught SIGTERM, shutting down
[root@pfptnyc logs]#

rsa certificate name does not match.

Anthony




On Thursday, March 24, 2016 4:00 PM, Durand fabrice 

Re: [PacketFence-users] DHCP and radius not answering.

[Blackman Anthony]

[root@pfptnyc ~]# ps -edfl|grep http.admin
0 S root  6891  6877  0  80   0 - 25826 pipe_w 20:01 pts/1    00:00:00 grep 
http.admin
[root@pfptnyc ~]# ps -edfl|grep dhcp
5 S root  6715  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6716  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6717  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6718  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6719  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6720  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6721  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6722  6707  0  80   0 - 140766 poll_s 19:54 ?   00:00:00 
pfqueue - Queue:pfdhcplistener
5 S root  6733 1  0  80   0 - 142320 poll_s 19:54 ?   00:00:00 
pfdhcplistener_eth1.480
5 S root  6739 1  0  80   0 - 142320 poll_s 19:54 ?   00:00:00 
pfdhcplistener_eth1.490
5 S root  6743 1  0  80   0 - 142321 poll_s 19:54 ?   00:00:00 
pfdhcplistener_eth1
5 S root  6759 1  0  80   0 - 22269 poll_s 19:55 ?    00:00:00 
/usr/sbin/dhcpd -q -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf 
/usr/local/pf/var/conf/dhcpd.conf -pf /usr/local/pf/var/run/dhcpd.pid eth1.480 
eth1.490
0 S root  6893  6877  0  80   0 - 25827 pipe_w 20:01 pts/1    00:00:00 grep 
dhcp
[root@pfptnyc ~]# service packetfence status
service|shouldBeStarted|pid
carbon-cache|1|6792
carbon-relay|1|6799
collectd|1|6802
dhcpd|1|6759
haproxy|0|0
httpd.aaa|1|6626
httpd.admin|1|6576
httpd.graphite|1|6829
httpd.portal|1|6746
httpd.proxy|0|0
httpd.webservices|1|6761
iptables|1|-1
keepalived|0|0
p0f|1|6785
pfbandwidthd|0|0
pfdetect||0
pfdhcplistener_eth1.480|1|6733
pfdhcplistener_eth1.490|1|6739
pfdhcplistener_eth1|1|6743
pfdns|1|6723
pfmon|1|6771
pfqueue|1|6707
pfsetvlan|0|0
radiusd-acct|1|
radiusd|1|6700
radsniff3|1|6826
redis_queue|1|6622
snmptrapd|0|0
snort|0|0
statsd|1|6817
suricata|0|0
[root@pfptnyc ~]#
[root@pfptnyc ~]# /usr/local/pf/bin/pfcmd service httpd.aaa restart
service|command
httpd.aaa|stop
httpd.admin|already started
Checking configuration sanity...
httpd.aaa|start
[root@pfptnyc ~]# /usr/local/pf/bin/pfcmd service dhcpd restart
service|command
dhcpd|stop
httpd.admin|already started
Checking configuration sanity...
dhcpd|start
[root@pfptnyc ~]#
[root@pfptnyc ~]#
[root@pfptnyc ~]#
Here it is.
Anthony 

On Thursday, March 24, 2016 4:49 PM, Durand fabrice  
wrote:
 

  Hi Antony,
 
 This:
 [Thu Mar 24 19:33:40 2016] [notice] caught SIGTERM, shutting down
 mean that the httpd.aaa is not running.
 
 so do and paste the result:
 
 ps -edf|grep httpd.admin
 ps -edf|grep dhcpd
 service packetfence status
 /usr/local/pf/bin/pfcmd service httpd.aaa restart
 /usr/local/pf/bin/pfcmd service dhcpd restart
 
 and also paste the content of packetfence.log (not the full one) when you 
launch these command.
 
 
 Fabrice
 
 
 Le 2016-03-24 19:38, Blackman Anthony a écrit :
  
  This is the only problem i  find. dhcp registration an isolation networks are 
defined. httpd.aaa.error 
  [root@pfptnyc logs]# tail httpd.aaa.error
 [Wed Mar 23 20:29:34 2016] [warn] RSA server certificate CommonName (CN) 
`127.0.0.1' does NOT match server name!?
 [Wed Mar 23 20:29:34 2016] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 
OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal 
operations
 [Thu Mar 24 12:20:28 2016] [warn] RSA server certificate CommonName (CN) 
`127.0.0.1' does NOT match server name!?
 [Thu Mar 24 12:20:31 2016] [warn] RSA server certificate CommonName (CN) 
`127.0.0.1' does NOT match server name!?
 [Thu Mar 24 12:20:31 2016] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 
OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal 
operations
 [Thu Mar 24 14:43:03 2016] [notice] caught SIGTERM, shutting down
 [Thu Mar 24 14:43:54 2016] [warn] RSA server certificate CommonName (CN) 
`127.0.0.1' does NOT match server name!?
 [Thu Mar 24 14:43:57 2016] [warn] RSA server certificate CommonName (CN) 
`127.0.0.1' does NOT match server name!?
 [Thu Mar 24 14:43:57 2016] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 
OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal 
operations
 [Thu Mar 24 19:33:40 2016] [notice] caught SIGTERM, shutting down
 [root@pfptnyc logs]#
 
 rsa certificate name does not match. 
  Anthony 
  
   
 
  On Thursday, March 24, 2016 4:00 PM, Durand fabrice  
wrote:
  
 
Hello Anthony,
 
 first check that the httpd.aaa is running (rpc issue) and check the dhcpd is 
running and the configuration (/usr/local/pf/var/conf/dhcpd.conf) if your 
registration 

Re: [PacketFence-users] DHCP and radius not answering.

[Durand fabrice]

Hi Antony,

This:
[Thu Mar 24 19:33:40 2016] [notice] caught SIGTERM, shutting down
mean that the httpd.aaa is not running.

so do and paste the result:

ps -edf|grep httpd.admin
ps -edf|grep dhcpd
service packetfence status
/usr/local/pf/bin/pfcmd service httpd.aaa restart
/usr/local/pf/bin/pfcmd service dhcpd restart

and also paste the content of packetfence.log (not the full one) when 
you launch these command.



Fabrice


Le 2016-03-24 19:38, Blackman Anthony a écrit :
This is the only problem i  find. dhcp registration an isolation 
networks are defined.

httpd.aaa.error

[root@pfptnyc logs]# tail httpd.aaa.error
[Wed Mar 23 20:29:34 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Wed Mar 23 20:29:34 2016] [notice] Apache/2.2.15 (Unix) 
mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 
configured -- resuming normal operations
[Thu Mar 24 12:20:28 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 12:20:31 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 12:20:31 2016] [notice] Apache/2.2.15 (Unix) 
mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 
configured -- resuming normal operations

[Thu Mar 24 14:43:03 2016] [notice] caught SIGTERM, shutting down
[Thu Mar 24 14:43:54 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 14:43:57 2016] [warn] RSA server certificate CommonName 
(CN) `127.0.0.1' does NOT match server name!?
[Thu Mar 24 14:43:57 2016] [notice] Apache/2.2.15 (Unix) 
mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 
configured -- resuming normal operations

[Thu Mar 24 19:33:40 2016] [notice] caught SIGTERM, shutting down
[root@pfptnyc logs]#

rsa certificate name does not match.

Anthony




On Thursday, March 24, 2016 4:00 PM, Durand fabrice 
 wrote:



Hello Anthony,

first check that the httpd.aaa is running (rpc issue) and check the 
dhcpd is running and the configuration 
(/usr/local/pf/var/conf/dhcpd.conf) if your registration network is there.


Regards
Fabrice


Le 2016-03-23 20:28, Blackman Anthony a écrit :

radius.log

Wed Mar 23 20:08:32 2016 : Info: rlm_sql_mysql: Starting connect to 
MySQL server for #4
Wed Mar 23 20:08:32 2016 : Info: rlm_sql (pfsms): Connected new DB 
handle, #4

Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server packetfence-tunnel
Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server soh-server
Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server 
dynamic_client_server

Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server packetfence
Wed Mar 23 20:08:32 2016 : Info: Ready to process requests.
Wed Mar 23 20:15:54 2016 : Auth: Login OK: [18a905cf0442] (from 
client 10.10.10.10 port 50003 cli 18:a9:05:cf:04:42)
Wed Mar 23 20:15:54 2016 : Error: rlm_perl: An error occurred while 
processing the authorize RPC request: An error occured while 
processing the MessagePack request return code (0) at 
/usr/local/pf/lib//pf/radius/rpc.pm line 47.
Wed Mar 23 20:16:18 2016 : Auth: Login OK: [18a905cf0442] (from 
client 10.10.10.10 port 50003 cli 18:a9:05:cf:04:42)
Wed Mar 23 20:16:18 2016 : Error: rlm_perl: An error occurred while 
processing the authorize RPC request: An error occured while 
processing the MessagePack request return code (0) at 
/usr/local/pf/lib//pf/radius/rpc.pm line 47.

W

pfdhcplistener.log

Mar 23 20:08:43 pfdhcplistener(2919) INFO: DHCP detector on eth1.490 
enabled (main::)
Mar 23 20:08:43 pfdhcplistener(2919) INFO: Reload configuration on 
eth1.490 with status 0 (main::reload_config)
Mar 23 20:08:46 pfdhcplistener(2923) INFO: pfdhcplistener_eth1 
starting and writing 2923 to 
/usr/local/pf/var/run/pfdhcplistener_eth1.pid 
(pf::services::util::createpid)
Mar 23 20:08:46 pfdhcplistener(2923) WARN: Unable to open VLAN proc 
description for eth1: No such file or directory 
(pf::util::get_vlan_from_int)

M

When i rum Wireshark only see the pc requesting dhcp address. I see 
no answer from dhcp. I see the accept radius packet to the radius 
server no answer from radius.


Please help me resolve this problem.

Anthony.



--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 


https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.

Re: [PacketFence-users] DHCP and radius not answering.

[Durand fabrice]

Hello Anthony,

first check that the httpd.aaa is running (rpc issue) and check the 
dhcpd is running and the configuration 
(/usr/local/pf/var/conf/dhcpd.conf) if your registration network is there.


Regards
Fabrice


Le 2016-03-23 20:28, Blackman Anthony a écrit :

radius.log

Wed Mar 23 20:08:32 2016 : Info: rlm_sql_mysql: Starting connect to 
MySQL server for #4
Wed Mar 23 20:08:32 2016 : Info: rlm_sql (pfsms): Connected new DB 
handle, #4

Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server packetfence-tunnel
Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server soh-server
Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server 
dynamic_client_server

Wed Mar 23 20:08:32 2016 : Info: Loaded virtual server packetfence
Wed Mar 23 20:08:32 2016 : Info: Ready to process requests.
Wed Mar 23 20:15:54 2016 : Auth: Login OK: [18a905cf0442] (from client 
10.10.10.10 port 50003 cli 18:a9:05:cf:04:42)
Wed Mar 23 20:15:54 2016 : Error: rlm_perl: An error occurred while 
processing the authorize RPC request: An error occured while 
processing the MessagePack request return code (0) at 
/usr/local/pf/lib//pf/radius/rpc.pm line 47.
Wed Mar 23 20:16:18 2016 : Auth: Login OK: [18a905cf0442] (from client 
10.10.10.10 port 50003 cli 18:a9:05:cf:04:42)
Wed Mar 23 20:16:18 2016 : Error: rlm_perl: An error occurred while 
processing the authorize RPC request: An error occured while 
processing the MessagePack request return code (0) at 
/usr/local/pf/lib//pf/radius/rpc.pm line 47.

W

pfdhcplistener.log

Mar 23 20:08:43 pfdhcplistener(2919) INFO: DHCP detector on eth1.490 
enabled (main::)
Mar 23 20:08:43 pfdhcplistener(2919) INFO: Reload configuration on 
eth1.490 with status 0 (main::reload_config)
Mar 23 20:08:46 pfdhcplistener(2923) INFO: pfdhcplistener_eth1 
starting and writing 2923 to 
/usr/local/pf/var/run/pfdhcplistener_eth1.pid 
(pf::services::util::createpid)
Mar 23 20:08:46 pfdhcplistener(2923) WARN: Unable to open VLAN proc 
description for eth1: No such file or directory 
(pf::util::get_vlan_from_int)

M

When i rum Wireshark only see the pc requesting dhcp address. I see no 
answer from dhcp. I see the accept radius packet to the radius server 
no answer from radius.


Please help me resolve this problem.

Anthony.



--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP ip helper

[Ludovic Zammit]

Hello Florian,

DHCP helper are used to forward DHCP traffic to PacketFence.

It can be forwarded to a registration interface (where dhcpd listens and 
answers to DHCP requests) to give an IP address etc… or it can be forwarded to 
PF management interface (where dhcpd listens and doesn’t answer) to give 
information of a node into (New IP) the production network after the 
registration.

Thanks,
Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 





> Le 16 févr. 2016 à 09:38, TOURE Amidou Florian  
> a écrit :
> 
> Hi , I have some problem when of understading something in PacketFence Admin 
> GUI.
> I want to use ip helper for my dhcp production.But in i have configure a dhcp 
> server for my management vlan bt in Packetfence Admin Gui it is said that :
> 
> Add PacketFence’s management IP address as the last ip helper-address 
> statement in your network equipment.At thispoin tPacketFence will receive a 
> copy of all DHCPrequests for that VLAN and will record what IP 
> weredistributed to what node using a pfdhcplistener daemon. By default no 
> DHCP Server should be running on that interface where you are sending the 
> requests. This is by design otherwise PacketFence would reply to the DHCP 
> requests which would be a bad thing. 
> 
> For me i think that it is the address of  my server that i would use to 
> configure ip helper.But i don't understand and i want to know that if someone 
> can help me to understand.
> 
> 
> Thank you
> --
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP issue in Registration and Isolation vlans

[Abdelghafour Rakhma]

Hello Fabrice!

= The port where I'm connecting my PF:
Fa0/1 : switchport trunk native vlan 1

=my ifconfig output!:
eth0  Link encap:Ethernet  HWaddr 00:0C:29:3A:D5:45
  inet adr:192.168.0.1  Bcast:192.168.0.255  Masque:255.255.255.0
  adr inet6: fe80::20c:29ff:fe3a:d545/64 Scope:Lien
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:41164 errors:0 dropped:0 overruns:0 frame:0
  TX packets:658 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:1000
  RX bytes:33344466 (31.7 MiB)  TX bytes:36889 (36.0 KiB)

eth0.2Link encap:Ethernet  HWaddr 00:0C:29:3A:D5:45
  inet adr:192.168.2.1  Bcast:192.168.2.255  Masque:255.255.255.0
  adr inet6: fe80::20c:29ff:fe3a:d545/64 Scope:Lien
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:0
  RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)

eth0.3Link encap:Ethernet  HWaddr 00:0C:29:3A:D5:45
  inet adr:192.168.3.1  Bcast:192.168.3.255  Masque:255.255.255.0
  adr inet6: fe80::20c:29ff:fe3a:d545/64 Scope:Lien
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:0
  RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)

= and tcpdump doesn't  show anything and I can't ping from my switch
to eth0.2
(using vmware (mode bridged) and tried in virtuakbox too)!


Regards!

On Tue, Jun 16, 2015 at 4:16 PM, Abdelghafour Rakhma 
rakhma.abdelghaf...@gmail.com wrote:

 Hello Again!
 in PF 5.1.0 when I plug a device in the switch where i've configured mab
 and 802.1X MAC auth! the port is set on VLAN 2 (registration) but Nothing
 happens after!
 like if the eth0.2 isn't listening or I don't know! no DHCP request is
 answered

 I've tried to set the port to vlan 2 manually and set a static ip address
 to the device in the, but it's stuck there, no captive portal no nothing...

 I'll attach the log files and the switch port config! hopping for a quick
 answer!
 And thanks in advance.
 Best regards

 pfdhcplistener.log:

 Jun 16 09:32:26 pfdhcplistener(3553) INFO: pfdhcplistener_eth0.2 starting
 and writing 3556 to /usr/local/pf/var/run/pfdhcplistener_eth0.2.pid
 (pf::services::util::createpid)
 Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled
 (main::)
 Jun 16 09:32:27 pfdhcplistener(3560) INFO: pfdhcplistener_eth0.3 starting
 and writing 3563 to /usr/local/pf/var/run/pfdhcplistener_eth0.3.pid
 (pf::services::util::createpid)
 Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled
 (main::)
 Jun 16 09:32:29 pfdhcplistener(3566) INFO: pfdhcplistener_eth0 starting
 and writing 3569 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid
 (pf::services::util::createpid)
 Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN proc
 description for eth0: Aucun fichier ou dossier de ce type
 (pf::util::get_vlan_from_int)
 Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled
 (main::)
 ===
 packetfence.log:
 Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius
 autz request: from switch_ip = (192.168.0.254), connection_type =
 WIRED_MAC_AUTH,switch_mac = (f4:7f:35:2d:55:0e), mac =
 [00:25:64:ab:a0:ac], port = 10014, username = 002564aba0ac
 (pf::radius::authorize)
 Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status
 unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
 Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access Control is
 not supported on network device type pf::Switch::Cisco::Catalyst_2960.
  (pf::Switch::supportsRoleBasedEnforcement)
 Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254)
 Returning ACCEPT with VLAN 2 and role
  (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
 Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius
 autz request: from switch_ip = (192.168.0.254), connection_type =
 WIRED_MAC_AUTH,switch_mac = (f4:7f:35:2d:55:0e), mac =
 [00:25:64:ab:a0:ac], port = 10014, username = 002564aba0ac
 (pf::radius::authorize)
 Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status
 unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
 Jun 16 09:41:23 httpd.aaa(3479) WARN: Role-based Network Access Control is
 not supported on network device type pf::Switch::Cisco::Catalyst_2960.
  (pf::Switch::supportsRoleBasedEnforcement)
 @

 
 /pf/var/conf/dhcpd.conf :

 omapi-port 7911;
 key pf_omapi_key {
 algorithm 

Re: [PacketFence-users] DHCP issue in Registration and Isolation vlans

[Abdelghafour Rakhma]

Can Someone help! I'm really stuck here..!

Regards

On Tue, Jun 16, 2015 at 4:16 PM, Abdelghafour Rakhma 
rakhma.abdelghaf...@gmail.com wrote:

 Hello Again!
 in PF 5.1.0 when I plug a device in the switch where i've configured mab
 and 802.1X MAC auth! the port is set on VLAN 2 (registration) but Nothing
 happens after!
 like if the eth0.2 isn't listening or I don't know! no DHCP request is
 answered

 I've tried to set the port to vlan 2 manually and set a static ip address
 to the device in the, but it's stuck there, no captive portal no nothing...

 I'll attach the log files and the switch port config! hopping for a quick
 answer!
 And thanks in advance.
 Best regards

 pfdhcplistener.log:

 Jun 16 09:32:26 pfdhcplistener(3553) INFO: pfdhcplistener_eth0.2 starting
 and writing 3556 to /usr/local/pf/var/run/pfdhcplistener_eth0.2.pid
 (pf::services::util::createpid)
 Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled
 (main::)
 Jun 16 09:32:27 pfdhcplistener(3560) INFO: pfdhcplistener_eth0.3 starting
 and writing 3563 to /usr/local/pf/var/run/pfdhcplistener_eth0.3.pid
 (pf::services::util::createpid)
 Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled
 (main::)
 Jun 16 09:32:29 pfdhcplistener(3566) INFO: pfdhcplistener_eth0 starting
 and writing 3569 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid
 (pf::services::util::createpid)
 Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN proc
 description for eth0: Aucun fichier ou dossier de ce type
 (pf::util::get_vlan_from_int)
 Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled
 (main::)
 ===
 packetfence.log:
 Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius
 autz request: from switch_ip = (192.168.0.254), connection_type =
 WIRED_MAC_AUTH,switch_mac = (f4:7f:35:2d:55:0e), mac =
 [00:25:64:ab:a0:ac], port = 10014, username = 002564aba0ac
 (pf::radius::authorize)
 Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status
 unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
 Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access Control is
 not supported on network device type pf::Switch::Cisco::Catalyst_2960.
  (pf::Switch::supportsRoleBasedEnforcement)
 Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254)
 Returning ACCEPT with VLAN 2 and role
  (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
 Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius
 autz request: from switch_ip = (192.168.0.254), connection_type =
 WIRED_MAC_AUTH,switch_mac = (f4:7f:35:2d:55:0e), mac =
 [00:25:64:ab:a0:ac], port = 10014, username = 002564aba0ac
 (pf::radius::authorize)
 Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status
 unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
 Jun 16 09:41:23 httpd.aaa(3479) WARN: Role-based Network Access Control is
 not supported on network device type pf::Switch::Cisco::Catalyst_2960.
  (pf::Switch::supportsRoleBasedEnforcement)
 @

 
 /pf/var/conf/dhcpd.conf :

 omapi-port 7911;
 key pf_omapi_key {
 algorithm HMAC-MD5;
 secret Zop2OvYAwVao7hTz+kBx/w==;
 };
 omapi-key pf_omapi_key;




 subnet 192.168.3.0 netmask 255.255.255.0 {
   option routers 192.168.3.1;
   option subnet-mask 255.255.255.0;
   option domain-name vlan-isolation.fssm.local;
   option domain-name-servers 192.168.3.1;
   range 192.168.3.100 192.168.3.200;
   default-lease-time 30;
   max-lease-time 30;
 }
 subnet 192.168.2.0 netmask 255.255.255.0 {
   option routers 192.168.2.1;
   option subnet-mask 255.255.255.0;
   option domain-name vlan-registration.fssm.local;
   option domain-name-servers 192.168.2.1;
   range 192.168.2.100 192.168.2.200;
   default-lease-time 30;
   max-lease-time 30;
 }

 
 networks.conf:

 [192.168.2.0]
 dns=192.168.2.1
 dhcp_start=192.168.2.100
 gateway=192.168.2.1
 domain-name=vlan-registration.fssm.local
 nat_enabled=disabled
 named=enabled
 dhcp_max_lease_time=30
 fake_mac_enabled=disabled
 dhcpd=enabled
 dhcp_end=192.168.2.200
 type=vlan-registration
 netmask=255.255.255.0
 dhcp_default_lease_time=30

 [192.168.3.0]
 dns=192.168.3.1
 dhcp_start=192.168.3.100
 gateway=192.168.3.1
 domain-name=vlan-isolation.fssm.local
 nat_enabled=disabled
 named=enabled
 dhcp_max_lease_time=30
 fake_mac_enabled=disabled
 dhcpd=enabled
 dhcp_end=192.168.3.200
 type=vlan-isolation
 netmask=255.255.255.0
 dhcp_default_lease_time=30
 
 My Cisco 2960 configuration:

 interface FastEthernet0/1
  switchport mode trunk

 !
 !
 interface FastEthernet0/12
 !
 interface FastEthernet0/13
  description NAC_controlled
  switchport 

Re: [PacketFence-users] DHCP issue in Registration and Isolation vlans

[Durand fabrice]

Hello Abdelghafour,

Can you paste the switch port configuration where packetfence has been 
plugged ?


The result of: ifconfig

If you use tcpdump -i eth0.2 do you have traffic ?

Regards
Fabrice


Le 2015-06-17 20:56, Abdelghafour Rakhma a écrit :

Can Someone help! I'm really stuck here..!

Regards

On Tue, Jun 16, 2015 at 4:16 PM, Abdelghafour Rakhma 
rakhma.abdelghaf...@gmail.com mailto:rakhma.abdelghaf...@gmail.com 
wrote:


Hello Again!
in PF 5.1.0 when I plug a device in the switch where i've
configured mab and 802.1X MAC auth! the port is set on VLAN 2
(registration) but Nothing happens after!
like if the eth0.2 isn't listening or I don't know! no DHCP
request is answered

I've tried to set the port to vlan 2 manually and set a static ip
address to the device in the, but it's stuck there, no captive
portal no nothing...

I'll attach the log files and the switch port config! hopping for
a quick answer!
And thanks in advance.
Best regards

pfdhcplistener.log:

Jun 16 09:32:26 pfdhcplistener(3553) INFO: pfdhcplistener_eth0.2
starting and writing 3556 to
/usr/local/pf/var/run/pfdhcplistener_eth0.2.pid
(pf::services::util::createpid)
Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2
enabled (main::)
Jun 16 09:32:27 pfdhcplistener(3560) INFO: pfdhcplistener_eth0.3
starting and writing 3563 to
/usr/local/pf/var/run/pfdhcplistener_eth0.3.pid
(pf::services::util::createpid)
Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3
enabled (main::)
Jun 16 09:32:29 pfdhcplistener(3566) INFO: pfdhcplistener_eth0
starting and writing 3569 to
/usr/local/pf/var/run/pfdhcplistener_eth0.pid
(pf::services::util::createpid)
Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN
proc description for eth0: Aucun fichier ou dossier de ce type
(pf::util::get_vlan_from_int)
Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0
enabled (main::)
===
packetfence.log:
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling
radius autz request: from switch_ip = (192.168.0.254),
connection_type = WIRED_MAC_AUTH,switch_mac =
(f4:7f:35:2d:55:0e), mac = [00:25:64:ab:a0:ac], port = 10014,
username = 002564aba0ac (pf::radius::authorize)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of
status unreg; belongs into registration VLAN
(pf::vlan::getRegistrationVlan)
Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access
Control is not supported on network device type
pf::Switch::Cisco::Catalyst_2960.
 (pf::Switch::supportsRoleBasedEnforcement)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac]
(192.168.0.254) Returning ACCEPT with VLAN 2 and role
 (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling
radius autz request: from switch_ip = (192.168.0.254),
connection_type = WIRED_MAC_AUTH,switch_mac =
(f4:7f:35:2d:55:0e), mac = [00:25:64:ab:a0:ac], port = 10014,
username = 002564aba0ac (pf::radius::authorize)
Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of
status unreg; belongs into registration VLAN
(pf::vlan::getRegistrationVlan)
Jun 16 09:41:23 httpd.aaa(3479) WARN: Role-based Network Access
Control is not supported on network device type
pf::Switch::Cisco::Catalyst_2960.
 (pf::Switch::supportsRoleBasedEnforcement)
@

/pf/var/conf/dhcpd.conf :

omapi-port 7911;
key pf_omapi_key {
algorithm HMAC-MD5;
secret Zop2OvYAwVao7hTz+kBx/w==;
};
omapi-key pf_omapi_key;




subnet 192.168.3.0 netmask 255.255.255.0 {
  option routers 192.168.3.1;
  option subnet-mask 255.255.255.0;
  option domain-name vlan-isolation.fssm.local;
  option domain-name-servers 192.168.3.1;
  range 192.168.3.100 192.168.3.200;
  default-lease-time 30;
  max-lease-time 30;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;
  option subnet-mask 255.255.255.0;
  option domain-name vlan-registration.fssm.local;
  option domain-name-servers 192.168.2.1;
  range 192.168.2.100 192.168.2.200;
  default-lease-time 30;
  max-lease-time 30;
}

networks.conf:

[192.168.2.0]
dns=192.168.2.1
dhcp_start=192.168.2.100
gateway=192.168.2.1
domain-name=vlan-registration.fssm.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.2.200
type=vlan-registration

Re: [PacketFence-users] DHCP Issue After Registration on Cisco WLC

[Fabrice Durand]

Hi Jordan,
Why don't you manage dhcp on vlan 10 and 20 by packetfence ? 
It's not a controller issue and it's not a packetfence issue, it's just that 
the device is not able to detect that the vlan changed.
It's why on reg and isol vlan we configured packetfence's dhcp server to 
provide low lease (30 s) to be able to have a new dhcp request each 30s.

Regards
Fabrice

Le 19 mars 2015 02:32:22 GMT-04:00, Jordan Altmann 
altma...@marshfield.k12.wi.us a écrit :
Hello,

I'm having an issue where the client doesn't request a new IP after the
PacketFence Captive Portal registration occurs.  A little background:

Cisco WLC 5508 Firmware 8.0.115.0

VLAN 10: Registration10.0.10.X/24
VLAN 20: Isolation   10.0.20.x/24
VLAN 30: Production  10.0.30.x/24

PacketFence Interfaces:
eth0.10 10.0.10.2
eth0.20 10.0.20.2
eth0.441  172.44.0.10 (Management)

Core Router:
VLAN 10
  ip helper-address 172.20.0.3
 ip helper-address 172.44.0.10

VLAN 20
  ip helper-address 172.20.0.3
  ip helper-address 172.44.0.10

VLAN 30
  ip helper-address 172.20.0.3
  ip helper-address 172.44.0.10


When I connect a client to the NAC SSID I am correctly put into VLAN
10 and given a DHCP address.  From there I am able to authenticate my
credentials using Active Directory.  RADIUS changes my VLAN and ACL via
a CoA packet to VLAN 30 and Authorize_any.  However, even though the
client shows up as being a part of VLAN 30 it doesn't automatically
renew so it holds onto a 10.0.10.x address.  I can manually release and
renew an then it works, however, this is not what should happen.  I've
made a Cisco TAC case thinking it was an issue with the controller not
being put into a DHCP_REQD state after a reassocation, however, they
think it's PacketFence.

My understanding was that if you had DHCP Address Required selected
on the Cisco WLC that it would put you in a DHCP_REQD state on the
controller after the VLAN has changed, however, that must not be the
case.

Any insight would be greatly appreciated.

Jordan Altmann
Network Specialist




--
Dive into the World of Parallel Programming The Go Parallel Website,
sponsored
by Intel and developed in partnership with Slashdot Media, is your hub
for all
things parallel software development, from weekly thought leadership
blogs to
news, videos, case studies, tutorials and more. Take a look and join
the 
conversation now. http://goparallel.sourceforge.net/



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Envoyé de mon téléphone Android avec K-9 Mail. Excusez la brièveté.--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Issue After Registration on Cisco WLC

[Jordan Altmann]

Thanks Fabrice,

Your advice worked flawlessly!

Jordan Altmann
Network Specialist

From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Thursday, March 19, 2015 3:05 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] DHCP Issue After Registration on Cisco WLC

Hi Jordan,
Why don't you manage dhcp on vlan 10 and 20 by packetfence ?
It's not a controller issue and it's not a packetfence issue, it's just that 
the device is not able to detect that the vlan changed.
It's why on reg and isol vlan we configured packetfence's dhcp server to 
provide low lease (30 s) to be able to have a new dhcp request each 30s.

Regards
Fabrice
Le 19 mars 2015 02:32:22 GMT-04:00, Jordan Altmann 
altma...@marshfield.k12.wi.usmailto:altma...@marshfield.k12.wi.us a écrit :
Hello,

I’m having an issue where the client doesn’t request a new IP after the 
PacketFence Captive Portal registration occurs.  A little background:

Cisco WLC 5508 Firmware 8.0.115.0

VLAN 10: Registration10.0.10.X/24
VLAN 20: Isolation   10.0.20.x/24
VLAN 30: Production  10.0.30.x/24

PacketFence Interfaces:
eth0.10 10.0.10.2
eth0.20 10.0.20.2
eth0.441  172.44.0.10 (Management)

Core Router:
VLAN 10
  ip helper-address 172.20.0.3
 ip helper-address 172.44.0.10

VLAN 20
  ip helper-address 172.20.0.3
  ip helper-address 172.44.0.10

VLAN 30
  ip helper-address 172.20.0.3
  ip helper-address 172.44.0.10


When I connect a client to the “NAC” SSID I am correctly put into VLAN 10 and 
given a DHCP address.  From there I am able to authenticate my credentials 
using Active Directory.  RADIUS changes my VLAN and ACL via a CoA packet to 
VLAN 30 and Authorize_any.  However, even though the client shows up as being a 
part of VLAN 30 it doesn’t automatically renew so it holds onto a 10.0.10.x 
address.  I can manually release and renew an then it works, however, this is 
not what should happen.  I’ve made a Cisco TAC case thinking it was an issue 
with the controller not being put into a DHCP_REQD state after a reassocation, 
however, they think it’s PacketFence.

My understanding was that if you had “DHCP Address Required” selected on the 
Cisco WLC that it would put you in a DHCP_REQD state on the controller after 
the VLAN has changed, however, that must not be the case.

Any insight would be greatly appreciated.

Jordan Altmann
Network Specialist



Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/



PacketFence-users mailing list
PacketFence-users@lists.sourceforge.netmailto:PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Envoyé de mon téléphone Android avec K-9 Mail. Excusez la brièveté.
--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Boris Epstein]

One more question if I may: do you define networks on switches as routed
VLANs?

Boris.

On Wed, Jan 21, 2015 at 10:22 AM, Arthur Emerson arthur.emer...@msmc.edu
wrote:

  I'm using the PF registration VLAN as the default on all switch ports,
 and skipped setting up the MAC detection VLAN.

  If you follow the directions for the Cisco 2960, the switch sends PF
 notice that a new client is connected to the wired port.  PF looks up
 the MAC address, and then tells the switch what VLAN to put that port
 onto.  If the client isn't registered, PF tells the switch to put the
 port onto the registration VLAN (or leaves it there in my case since
 registration is my default).  If it has outstanding violations, it gets
 sent to the naughty room (isolation VLAN).  If PF knows the device
 and it's registered, it tells the switch to put the port onto whatever
 the appropriate production network is based on client
 role.

  PF generally has direct connections to the registration and isolation
 VLANs, and handles the DHCP for those two segments.  PF does NOT talk
 on your production networks, so you need to provide DHCP on those
 VLANs.  If you want PF to track IP address history on your production
 VLANs, make sure that the Cisco DHCP helper also sends those packets
 to PF in addition to your production DHCP server.  (Put it at the end
 of the DHCP server list in the switch.)  PF will not hand out the
 addresses on your production networks, but uses the DHCP packets to
 track the IP addresses that are handed out by the production DHCP
 servers.

  Hope this helps to get you started...

-Arthur

  -
 Arthur Emerson III Email:  emer...@msmc.edu
 Network Administrator  InterNIC:   AE81
 Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
 330 Powell Ave.Fax:(845) 562-6762
 Newburgh, NY  12550SneakerNet: Aquinas Hall Room 11


   From: Boris Epstein borepst...@gmail.com
 Reply-To: packetfence-users@lists.sourceforge.net 
 packetfence-users@lists.sourceforge.net
 Date: Wednesday, January 21, 2015 at 10:00 AM
 To: packetfence-users@lists.sourceforge.net 
 packetfence-users@lists.sourceforge.net
 Subject: Re: [PacketFence-users] DHCP on switch via DHCP helper

   Arthur,

  Thanks! This makes sense.

  So let us say I have a VLAN on a switch that is the MAC detection VLAN.
 A device gets plugged into it, the PF is notified by the SNMP - and then
 what? Or should I automatically move that device to a different VLAN right
 away?

  Boris.



 --
 New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
 GigeNET is offering a free month of service with a new server in Ashburn.
 Choose from 2 high performing configs, both with 100TB of bandwidth.
 Higher redundancy.Lower latency.Increased capacity.Completely compliant.
 http://p.sf.net/sfu/gigenet
 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Boris Epstein]

Arthur,

Thanks, this actually is very helpful. Do you have a sample switch/PF
configuration for your scenario that you could share?

Boris.

On Wed, Jan 21, 2015 at 10:22 AM, Arthur Emerson arthur.emer...@msmc.edu
wrote:

  I'm using the PF registration VLAN as the default on all switch ports,
 and skipped setting up the MAC detection VLAN.

  If you follow the directions for the Cisco 2960, the switch sends PF
 notice that a new client is connected to the wired port.  PF looks up
 the MAC address, and then tells the switch what VLAN to put that port
 onto.  If the client isn't registered, PF tells the switch to put the
 port onto the registration VLAN (or leaves it there in my case since
 registration is my default).  If it has outstanding violations, it gets
 sent to the naughty room (isolation VLAN).  If PF knows the device
 and it's registered, it tells the switch to put the port onto whatever
 the appropriate production network is based on client
 role.

  PF generally has direct connections to the registration and isolation
 VLANs, and handles the DHCP for those two segments.  PF does NOT talk
 on your production networks, so you need to provide DHCP on those
 VLANs.  If you want PF to track IP address history on your production
 VLANs, make sure that the Cisco DHCP helper also sends those packets
 to PF in addition to your production DHCP server.  (Put it at the end
 of the DHCP server list in the switch.)  PF will not hand out the
 addresses on your production networks, but uses the DHCP packets to
 track the IP addresses that are handed out by the production DHCP
 servers.

  Hope this helps to get you started...

-Arthur

  -
 Arthur Emerson III Email:  emer...@msmc.edu
 Network Administrator  InterNIC:   AE81
 Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
 330 Powell Ave.Fax:(845) 562-6762
 Newburgh, NY  12550SneakerNet: Aquinas Hall Room 11


   From: Boris Epstein borepst...@gmail.com
 Reply-To: packetfence-users@lists.sourceforge.net 
 packetfence-users@lists.sourceforge.net
 Date: Wednesday, January 21, 2015 at 10:00 AM
 To: packetfence-users@lists.sourceforge.net 
 packetfence-users@lists.sourceforge.net
 Subject: Re: [PacketFence-users] DHCP on switch via DHCP helper

   Arthur,

  Thanks! This makes sense.

  So let us say I have a VLAN on a switch that is the MAC detection VLAN.
 A device gets plugged into it, the PF is notified by the SNMP - and then
 what? Or should I automatically move that device to a different VLAN right
 away?

  Boris.



 --
 New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
 GigeNET is offering a free month of service with a new server in Ashburn.
 Choose from 2 high performing configs, both with 100TB of bandwidth.
 Higher redundancy.Lower latency.Increased capacity.Completely compliant.
 http://p.sf.net/sfu/gigenet
 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Boris Epstein]

Arthur,

Thanks! This makes sense.

So let us say I have a VLAN on a switch that is the MAC detection VLAN. A
device gets plugged into it, the PF is notified by the SNMP - and then
what? Or should I automatically move that device to a different VLAN right
away?

Boris.


On Wed, Jan 21, 2015 at 8:56 AM, Arthur Emerson arthur.emer...@msmc.edu
wrote:

  PF is not really intended to manage your production DHCP.  You need to
 provide your own DHCP arrangements for each of your production networks
 in a VLAN-switching setup.  PF tells the switch to change the client's
 VLAN, and that's where PF's responsibility ends.

  If you would like to take advantage of PF's IP address history function
 (not as great in V4 as it was in V3 IMO), then you will need to use a
 Cisco DHCP helper to send those requests to PF IN ADDITION TO your
 production DHCP server.  You could set up PF interfaces on every VLAN
 and let PF listen for the DHCP broadcasts directly, but that really
 isn't practical on larger networks...

  -Arthur

  -
 Arthur Emerson III Email:  emer...@msmc.edu
 Network Administrator  InterNIC:   AE81
 Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
 330 Powell Ave.Fax:(845) 562-6762
 Newburgh, NY  12550SneakerNet: Aquinas Hall Room 11


   From: Boris Epstein borepst...@gmail.com
 Reply-To: packetfence-users@lists.sourceforge.net 
 packetfence-users@lists.sourceforge.net
 Date: Tuesday, January 20, 2015 at 5:25 PM
 To: packetfence-users@lists.sourceforge.net 
 packetfence-users@lists.sourceforge.net
 Subject: [PacketFence-users] DHCP on switch via DHCP helper

   Hello listmates,

  Let us say I have a PF and I have a number of Cisco switches directly
 accessible via IP and I want VLAN's on those switches to be DHCP-managed
 with the PF server serving the addresses. How do I do that? Or is that the
 correct way to do that?

 So continuing on with the example: let us say my PF server is at
 192.168.10.5 and a switch sw1 is at 192.168.10.20. sw1 is
 allocating/serving a number of VLAN's not even accessible to the PF server.
 Can it still control them - including the DHCP on them?

 Thanks.

  Boris.


 --
 New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
 GigeNET is offering a free month of service with a new server in Ashburn.
 Choose from 2 high performing configs, both with 100TB of bandwidth.
 Higher redundancy.Lower latency.Increased capacity.Completely compliant.
 http://p.sf.net/sfu/gigenet
 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Fabrice DURAND]

Hello,

if you want to manage dhcp from packetfence on production vlan then
create a new instance of dhcpd and only listen on corresponding vlan
interface.
Btw on vlan layer3 interface of your production vlan you can add an
iphelper address to packetfence.


Regards
Fabrice

Le 2015-01-20 17:25, Boris Epstein a écrit :
 Hello listmates,

 Let us say I have a PF and I have a number of Cisco switches directly
 accessible via IP and I want VLAN's on those switches to be
 DHCP-managed with the PF server serving the addresses. How do I do
 that? Or is that the correct way to do that?

 So continuing on with the example: let us say my PF server is at
 192.168.10.5 and a switch sw1 is at 192.168.10.20. sw1 is
 allocating/serving a number of VLAN's not even accessible to the PF
 server. Can it still control them - including the DHCP on them?
  
 Thanks.

 Boris.


 --
 New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
 GigeNET is offering a free month of service with a new server in Ashburn.
 Choose from 2 high performing configs, both with 100TB of bandwidth.
 Higher redundancy.Lower latency.Increased capacity.Completely compliant.
 http://p.sf.net/sfu/gigenet


 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: application/pgp-keys
--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Arthur Emerson]

PF is not really intended to manage your production DHCP.  You need to
provide your own DHCP arrangements for each of your production networks
in a VLAN-switching setup.  PF tells the switch to change the client's
VLAN, and that's where PF's responsibility ends.

If you would like to take advantage of PF's IP address history function
(not as great in V4 as it was in V3 IMO), then you will need to use a
Cisco DHCP helper to send those requests to PF IN ADDITION TO your
production DHCP server.  You could set up PF interfaces on every VLAN
and let PF listen for the DHCP broadcasts directly, but that really
isn't practical on larger networks...

-Arthur

-
Arthur Emerson III Email:  
emer...@msmc.edumailto:emer...@msmc.edu
Network Administrator  InterNIC:   AE81
Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
330 Powell Ave.Fax:(845) 562-6762
Newburgh, NY  12550SneakerNet: Aquinas Hall Room 11


From: Boris Epstein borepst...@gmail.commailto:borepst...@gmail.com
Reply-To: 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
Date: Tuesday, January 20, 2015 at 5:25 PM
To: 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] DHCP on switch via DHCP helper

Hello listmates,

Let us say I have a PF and I have a number of Cisco switches directly 
accessible via IP and I want VLAN's on those switches to be DHCP-managed with 
the PF server serving the addresses. How do I do that? Or is that the correct 
way to do that?

So continuing on with the example: let us say my PF server is at 192.168.10.5 
and a switch sw1 is at 192.168.10.20. sw1 is allocating/serving a number of 
VLAN's not even accessible to the PF server. Can it still control them - 
including the DHCP on them?

Thanks.

Boris.
--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Boris Epstein]

Fabrice,

Thanks! The whole thing is that the VLAN's exist on, and are accessible by,
the switches only - the PF server has not direct access to them. Hence DHCP
helper is likely the only feasible scenario here.

Boris.

On Wed, Jan 21, 2015 at 8:38 AM, Fabrice DURAND fdur...@inverse.ca wrote:

 Hello,

 if you want to manage dhcp from packetfence on production vlan then
 create a new instance of dhcpd and only listen on corresponding vlan
 interface.
 Btw on vlan layer3 interface of your production vlan you can add an
 iphelper address to packetfence.


 Regards
 Fabrice

 Le 2015-01-20 17:25, Boris Epstein a écrit :
  Hello listmates,
 
  Let us say I have a PF and I have a number of Cisco switches directly
  accessible via IP and I want VLAN's on those switches to be
  DHCP-managed with the PF server serving the addresses. How do I do
  that? Or is that the correct way to do that?
 
  So continuing on with the example: let us say my PF server is at
  192.168.10.5 and a switch sw1 is at 192.168.10.20. sw1 is
  allocating/serving a number of VLAN's not even accessible to the PF
  server. Can it still control them - including the DHCP on them?
 
  Thanks.
 
  Boris.
 
 
 
 --
  New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
  GigeNET is offering a free month of service with a new server in Ashburn.
  Choose from 2 high performing configs, both with 100TB of bandwidth.
  Higher redundancy.Lower latency.Increased capacity.Completely compliant.
  http://p.sf.net/sfu/gigenet
 
 
  ___
  PacketFence-users mailing list
  PacketFence-users@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/packetfence-users


 --
 Fabrice Durand
 fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
 Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (
 http://packetfence.org)



 --
 New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
 GigeNET is offering a free month of service with a new server in Ashburn.
 Choose from 2 high performing configs, both with 100TB of bandwidth.
 Higher redundancy.Lower latency.Increased capacity.Completely compliant.
 http://p.sf.net/sfu/gigenet
 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP on switch via DHCP helper

[Arthur Emerson]

I'm using the PF registration VLAN as the default on all switch ports,
and skipped setting up the MAC detection VLAN.

If you follow the directions for the Cisco 2960, the switch sends PF
notice that a new client is connected to the wired port.  PF looks up
the MAC address, and then tells the switch what VLAN to put that port
onto.  If the client isn't registered, PF tells the switch to put the
port onto the registration VLAN (or leaves it there in my case since
registration is my default).  If it has outstanding violations, it gets
sent to the naughty room (isolation VLAN).  If PF knows the device
and it's registered, it tells the switch to put the port onto whatever
the appropriate production network is based on client
role.

PF generally has direct connections to the registration and isolation
VLANs, and handles the DHCP for those two segments.  PF does NOT talk
on your production networks, so you need to provide DHCP on those
VLANs.  If you want PF to track IP address history on your production
VLANs, make sure that the Cisco DHCP helper also sends those packets
to PF in addition to your production DHCP server.  (Put it at the end
of the DHCP server list in the switch.)  PF will not hand out the
addresses on your production networks, but uses the DHCP packets to
track the IP addresses that are handed out by the production DHCP
servers.

Hope this helps to get you started...

-Arthur

-
Arthur Emerson III Email:  
emer...@msmc.edumailto:emer...@msmc.edu
Network Administrator  InterNIC:   AE81
Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
330 Powell Ave.Fax:(845) 562-6762
Newburgh, NY  12550SneakerNet: Aquinas Hall Room 11


From: Boris Epstein borepst...@gmail.commailto:borepst...@gmail.com
Reply-To: 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
Date: Wednesday, January 21, 2015 at 10:00 AM
To: 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
 
packetfence-users@lists.sourceforge.netmailto:packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] DHCP on switch via DHCP helper

Arthur,

Thanks! This makes sense.

So let us say I have a VLAN on a switch that is the MAC detection VLAN. A 
device gets plugged into it, the PF is notified by the SNMP - and then what? Or 
should I automatically move that device to a different VLAN right away?

Boris.

--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP not on Packetfence

[Tim DeNike]

You have to forward the DHCP requests to packet fence.  That is the only
way it can determine the MAC address on a routed network.  Think about it.
 All PF sees is the IP connecting.  Without getting the DHCP data forwarded
to it, it can't map that to a MAC address.

On Wed, Sep 10, 2014 at 11:57 AM, Brian Motts bmo...@outlook.com wrote:

 We are using a remote DHCP server for the DHCP on registration/isolation.
  We have setup the remote networks in the packetfence server.  The DHCP
 uses the PacketFence server DNS.  Packetfence is over a VPN from the remote
 network and we dont want to forward DHCP requests over the VPN.

 We are getting an error when we try to connect:
 *Sorry!*

 Your computer was not found in the PacketFence database. Please reboot to
 solve this issue.


 I am assuming this is because of the remote DHCP server, is there any way
 to make it work with this setup or do we have to forward DHCP requests over
 the VPN?


 --
 Want excitement?
 Manually upgrade your production database.
 When you want reliability, choose Perforce
 Perforce version control. Predictably reliable.

 http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk
 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP not on Packetfence

[Brian Motts]

I answered my own question by reading the manual..
Production DHCP accessIn order to perform all of its access control duties, 
PacketFence needs to be able to map MAC addressesinto IP addresses.For all the 
networks/VLANs where you want PacketFence to have the ability to isolate a node 
or to haveIP information about nodes, you will need to perform one of the 
techniques below.Also note that this doesn’t need to be done for the 
registration, isolation VLANs and inline interfacessince PacketFence acts as 
the DHCP server in these networks.
IP Helpers (recommended)If you are already using IP Helpers for your production 
DHCP in your production VLANs this approach isthe simplest one and the one that 
works the best.Add PacketFence’s management IP address as the last ip 
helper-address statement in your networkequipment. At this point PacketFence 
will receive a copy of all DHCP requests for that VLAN and will recordwhat IP 
were distributed to what node using a pfdhcplistener daemon.
From: bmo...@outlook.com
To: packetfence-users@lists.sourceforge.net
Date: Wed, 10 Sep 2014 11:57:54 -0400
Subject: [PacketFence-users] DHCP not on Packetfence




We are using a remote DHCP server for the DHCP on registration/isolation.  We 
have setup the remote networks in the packetfence server.  The DHCP uses the 
PacketFence server DNS.  Packetfence is over a VPN from the remote network and 
we dont want to forward DHCP requests over the VPN.  
We are getting an error when we try to connect:Sorry!








Your computer was not found in the PacketFence database. Please reboot to solve 
this issue.
I am assuming this is because of the remote DHCP server, is there any way to 
make it work with this setup or do we have to forward DHCP requests over the 
VPN?

--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users  
  --
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[luis torres]

Ok mates,

just added a new interface ( eth1) on my PF server, and put it as
registration interface so it can be as dhcp server. However I had to
manually setup the gateway on the ifcfg-eth1.

   However, now in the captive-portal, cant see the Register button...,
What Im missing?

   LT

   Citando Jason Frisvold xenoph...@godshell.com:

luis torres wrote:   Yes,


   Im using in a routed network.

   PF is in router 1 , while the client PC and vlan for registration are on
   router 2.

   on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170 which
   is the eth0.

  eth0 is...  the management interface?  If so, there's a dhcp listener
  there, but not for handling dhcp requests.  You also need to have a
  helper-address pointing to the registration interface on your
  packetfence server as well.  In other words, you need to have multiple
  interfaces on the packetfence server connected to the router.  You can
  get away with just the management and registration interfaces set up.
  isolation needs to exist, but doesn't have to connect anywhere if you're
  not using it.

Hope this helps

   LT

  --
  ---
  Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
  ---

  Any sufficiently advanced magic is indistinguishable from technology.\
  - Niven's Inverse of Clarke's Third Law


--
  Introducing Performance Central, a new site from SourceForge and
  AppDynamics. Performance Central is your source for news, insights,
  analysis and resources for efficient Application Performance Management.
  Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk
  ___
  PacketFence-users mailing list
PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[luis torres]

ok so, I going to put the router interface wheres PF is connected, in
trunk mode and giving it another iP on a diff subnet. 

  This will work as registration..., my question is, doesnt it need to be
on the same vlan id as the client pc ?

  LT

   Citando Jason Frisvold xenoph...@godshell.com:

luis torres wrote:   Yes,


   Im using in a routed network.

   PF is in router 1 , while the client PC and vlan for registration are on
   router 2.

   on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170 which
   is the eth0.

  eth0 is...  the management interface?  If so, there's a dhcp listener
  there, but not for handling dhcp requests.  You also need to have a
  helper-address pointing to the registration interface on your
  packetfence server as well.  In other words, you need to have multiple
  interfaces on the packetfence server connected to the router.  You can
  get away with just the management and registration interfaces set up.
  isolation needs to exist, but doesn't have to connect anywhere if you're
  not using it.

Hope this helps

   LT

  --
  ---
  Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
  ---

  Any sufficiently advanced magic is indistinguishable from technology.\
  - Niven's Inverse of Clarke's Third Law


--
  Introducing Performance Central, a new site from SourceForge and
  AppDynamics. Performance Central is your source for news, insights,
  analysis and resources for efficient Application Performance Management.
  Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk
  ___
  PacketFence-users mailing list
PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[Jason Frisvold]

luis torres wrote:
 It cant cause its a fake interface. The vlan 761 in not in this
 router..., if I dont setup the eth0.761 the dhcp wont start at all

Can you please describe your network setup?  It sounds like you're
trying to do this in a routed environment which means you'll be using
dhcp helpers to get the dhcp requests to the packetfence server.

 LT

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

Any sufficiently advanced magic is indistinguishable from technology.\
- Niven's Inverse of Clarke's Third Law

--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[luis torres]

Yes,

   Im using in a routed network. 

   PF is in router 1 , while the client PC and vlan for registration are
on router 2.

   on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170
which is the eth0.

   Hope this helps

   LT

   Citando Jason Frisvold xenoph...@godshell.com:

luis torres wrote:   It cant cause its a fake interface. The vlan
761 in not in this

   router..., if I dont setup the eth0.761 the dhcp wont start at all

  Can you please describe your network setup?  It sounds like you're
  trying to do this in a routed environment which means you'll be using
  dhcp helpers to get the dhcp requests to the packetfence server.

LT

  --
  ---
  Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
  ---

  Any sufficiently advanced magic is indistinguishable from technology.\
  - Niven's Inverse of Clarke's Third Law


--
  Introducing Performance Central, a new site from SourceForge and
  AppDynamics. Performance Central is your source for news, insights,
  analysis and resources for efficient Application Performance Management.
  Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk
  ___
  PacketFence-users mailing list
PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[Jason Frisvold]

luis torres wrote:
 Yes,
 
 Im using in a routed network. 
 
 PF is in router 1 , while the client PC and vlan for registration are on
 router 2.
 
 on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170 which
 is the eth0.

eth0 is...  the management interface?  If so, there's a dhcp listener
there, but not for handling dhcp requests.  You also need to have a
helper-address pointing to the registration interface on your
packetfence server as well.  In other words, you need to have multiple
interfaces on the packetfence server connected to the router.  You can
get away with just the management and registration interfaces set up.
isolation needs to exist, but doesn't have to connect anywhere if you're
not using it.

 Hope this helps
 
 LT


-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

Any sufficiently advanced magic is indistinguishable from technology.\
- Niven's Inverse of Clarke's Third Law

--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[Derek Wuelfrath]

Point the ip helper to the eth0.761 ip address ?

Derek

--
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On 2013-08-21, at 7:01 AM, luis torres luistor...@netc.pt wrote:

 Hi list,
 
 heres my problem ..., have my PF in a routed network and I want to manage the 
 ips of a registration network that is in another router.
 
 heres my confs:
 
 networks:
 
 [10.2.20.0]
 dns=10.2.20.251
 dhcp_start=10.2.20.10
 gateway=10.2.20.251
 domain-name=vlan-registration.estradas.pt
 named=enabled
 dhcp_max_lease_time=30
 dhcpd=enabled
 type=vlan-isolation
 netmask=255.255.255.0
 dhcp_end=10.2.20.246
 dhcp_default_lease_time=30
 
 pf.conf:
 [interface eth0.761]
 enforcement=vlan
 ip=10.2.20.251
 type=internal
 mask=255.255.255.0
  
 [interface eth0]
 ip=10.1.2.170
 type=management
 mask=255.255.255.0
 
 
 dhcp.conf:
 subnet 10.2.20.0 netmask 255.255.255.0 {
   option routers 10.2.20.251;
   option subnet-mask 255.255.255.0;
   option domain-name vlan-isolation.estradas.pt;
   option domain-name-servers 10.2.20.251;
   range 10.2.20.10 10.2.20.246;
   default-lease-time 30;
   max-lease-time 30;
 }
 
 
 The problem is this, the dhcp process is listening on the vlan id 761 , but 
 the dhcp resquests are arriving via eth0 ( 10.1.2.170) which is my management 
 interface:
 
 /usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf 
 /usr/local/pf/var/conf/dhcpd.conf -pf /usr/local/pf/var/run/dhcpd.pid 
 eth0.761
 
 how can I put pf listening on the eth0 besides the eth0.761? Manually it 
 works, but everytime I restart PF I have to reconfigure it manually again.
 
 
 Regards
 LT
  
 
 
 --
 Introducing Performance Central, a new site from SourceForge and 
 AppDynamics. Performance Central is your source for news, insights, 
 analysis and resources for efficient Application Performance Management. 
 Visit us today!
 http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Dhcp and Route Networks

[luis torres]

It cant cause its a fake interface. The vlan 761 in not in this
router..., if I dont setup the eth0.761 the dhcp wont start at all

   LT

   Citando Derek Wuelfrath dwuelfr...@inverse.ca:


Point the ip helper to the eth0.761 ip address ?

Derek
 
--
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca[1]
Inverse inc. :: Leaders behind SOGo (www.sogo.nu[2]) and PacketFence
(www.packetfence.org[3])


 
On 2013-08-21, at 7:01 AM, luis torres luistor...@netc.pt wrote:



Hi list,

  heres my problem ..., have my PF in a routed network and I
want to manage the ips of a registration network that is in another
router.

  heres my confs:

  networks:
[10.2.20.0]
dns=10.2.20.251
dhcp_start=10.2.20.10
gateway=10.2.20.251
domain-name=vlan-registration.estradas.pt[4]
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=10.2.20.246
dhcp_default_lease_time=30

  pf.conf:
[interface eth0.761]
enforcement=vlan
ip=10.2.20.251
type=internal
mask=255.255.255.0
 
[interface eth0]
ip=10.1.2.170
type=management
mask=255.255.255.0


   dhcp.conf:
subnet 10.2.20.0 netmask 255.255.255.0 {
  option routers 10.2.20.251;
  option subnet-mask 255.255.255.0;
  option domain-name vlan-isolation.estradas.pt[5];
  option domain-name-servers 10.2.20.251;
  range 10.2.20.10 10.2.20.246;
  default-lease-time 30;
  max-lease-time 30;
}


The problem is this, the dhcp process is listening on the
vlan id 761 , but the dhcp resquests are arriving via eth0 (
10.1.2.170) which is my management interface:

/usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases
-cf /usr/local/pf/var/conf/dhcpd.conf -pf
/usr/local/pf/var/run/dhcpd.pid eth0.761

how can I put pf listening on the eth0 besides the
eth0.761? Manually it works, but everytime I restart PF I have to
reconfigure it manually again.


Regards
LT
 



 


--
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



 






Ligações:
-
[1] http://www.inverse.ca/
[2] http://www.sogo.nu/
[3] http://www.packetfence.org/
[4] http://vlan-registration.estradas.pt
[5] http://vlan-isolation.estradas.pt
--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Service can't startup

[William Zhou]

Hi All,

I solved my problem myself...
It's my fault that the AP had the wrong setting.
I reset the AP and everything goes fine.

Sorry for your time..

ThanksBest Regards,
Zlyzwy


On Mon, Jul 15, 2013 at 10:41 PM, William Zhou zly...@gmail.com wrote:

 Hi All,

 I am running PF-ZEN-Desktop in VM workstaion.
 I noticed that all my  clients can't get IP address from PF, then I check
 the DHCP service. It startup successful. I google a lot and I think my
 network configuration supposed be right.
 Can anyone give me some advice again?
 Thanks in advance!

 Here is my conf :
 /etc/sysconfig/network-scripts/ifcfg-eth1
 DEVICE=eth1
 HWADDR=
 ONBOOT=yes
 BOOTPROTO=static
 NM_CONTROLLED=no
 IPADDR=192.168.0.1
 NETMASK=255.255.255.0
 -
 /etc/sysconfig/dhcpd
 # Command line options here
 DHCPDARGS=eth1
 =
 /etc/dhcp/dhcpd.conf
 authoritative;
 ddns-update-style none;
 ignore client-updates;

 subnet 192.168.0.0 netmask 255.255.255.0 {
   option routers 192.168.0.1;
   option subnet-mask 255.255.255.0;
   option domain-name inline.zlyzwy.cn;
   option domain-name-servers 8.8.8.8;
   range 192.168.0.100 192.168.0.246;
   default-lease-time 86400;
   max-lease-time 86400;
 }
 =
 /usr/local/pf/conf/dhcpd.conf
 # dhcpd configuration
 # This file is manipulated on PacketFence's startup before being given to
 dhcpd
 authoritative;
 ddns-update-style none;
 ignore client-updates;

 authoritative;
 ddns-update-style none;
 ignore client-updates;

 subnet 192.168.0.0 netmask 255.255.255.0 {
   option routers 192.168.0.1;
   option subnet-mask 255.255.255.0;
   option domain-name inline.zlyzwy.cn;
   option domain-name-servers 8.8.8.8;
   range 192.168.0.100 192.168.0.246;
   default-lease-time 86400;
   max-lease-time 86400;
 }
 ==

 [root@PacketFence ~]# service dhcpd restart
 Shutting down dhcpd:   [  OK  ]
 Starting dhcpd:[  OK  ]
 [root@PacketFence ~]#  /usr/local/pf/bin/pfcmd service dhcpd restart
 service|command
 config files|restart
 iptables|restart
 Internet Systems Consortium DHCP Server 4.1.1-P1
 Copyright 2004-2010 Internet Systems Consortium.
 All rights reserved.
 For info, please visit https://www.isc.org/software/dhcp/
 Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not
 specified in the config file
 Wrote 0 leases to leases file.
 Listening on LPF/eth1/00:0c:29:4f:63:9e/192.168.0.0/24
 Sending on   LPF/eth1/00:0c:29:4f:63:9e/192.168.0.0/24
 Sending on   Socket/fallback/fallback-net
 dhcpd|restart
 [root@PacketFence ~]#
 

 Thanks Best Regards,
 Zlyzwy

--
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP Service can't startup

[forbmsyn]

Hi Zlyzwy,

stop your current dhcp service:

service dhcpd stop

Then try starting the service with the following command.  My OS is CentOS
6.4.

sudo /usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf
/usr/local/pf/var/conf/dhcpd.conf -pf /usr/local/pf/var/run/dhcpd.pid
eth0.2 eth0.3 eth0.5

Regards,
Jacky


On Mon, Jul 15, 2013 at 10:41 AM, William Zhou zly...@gmail.com wrote:

 Hi All,

 I am running PF-ZEN-Desktop in VM workstaion.
 I noticed that all my  clients can't get IP address from PF, then I check
 the DHCP service. It startup successful. I google a lot and I think my
 network configuration supposed be right.
 Can anyone give me some advice again?
 Thanks in advance!

 Here is my conf :
 /etc/sysconfig/network-scripts/ifcfg-eth1
 DEVICE=eth1
 HWADDR=
 ONBOOT=yes
 BOOTPROTO=static
 NM_CONTROLLED=no
 IPADDR=192.168.0.1
 NETMASK=255.255.255.0
 -
 /etc/sysconfig/dhcpd
 # Command line options here
 DHCPDARGS=eth1
 =
 /etc/dhcp/dhcpd.conf
 authoritative;
 ddns-update-style none;
 ignore client-updates;

 subnet 192.168.0.0 netmask 255.255.255.0 {
   option routers 192.168.0.1;
   option subnet-mask 255.255.255.0;
   option domain-name inline.zlyzwy.cn;
   option domain-name-servers 8.8.8.8;
   range 192.168.0.100 192.168.0.246;
   default-lease-time 86400;
   max-lease-time 86400;
 }
 =
 /usr/local/pf/conf/dhcpd.conf
 # dhcpd configuration
 # This file is manipulated on PacketFence's startup before being given to
 dhcpd
 authoritative;
 ddns-update-style none;
 ignore client-updates;

 authoritative;
 ddns-update-style none;
 ignore client-updates;

 subnet 192.168.0.0 netmask 255.255.255.0 {
   option routers 192.168.0.1;
   option subnet-mask 255.255.255.0;
   option domain-name inline.zlyzwy.cn;
   option domain-name-servers 8.8.8.8;
   range 192.168.0.100 192.168.0.246;
   default-lease-time 86400;
   max-lease-time 86400;
 }
 ==

 [root@PacketFence ~]# service dhcpd restart
 Shutting down dhcpd:   [  OK  ]
 Starting dhcpd:[  OK  ]
 [root@PacketFence ~]#  /usr/local/pf/bin/pfcmd service dhcpd restart
 service|command
 config files|restart
 iptables|restart
 Internet Systems Consortium DHCP Server 4.1.1-P1
 Copyright 2004-2010 Internet Systems Consortium.
 All rights reserved.
 For info, please visit https://www.isc.org/software/dhcp/
 Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not
 specified in the config file
 Wrote 0 leases to leases file.
 Listening on LPF/eth1/00:0c:29:4f:63:9e/192.168.0.0/24
 Sending on   LPF/eth1/00:0c:29:4f:63:9e/192.168.0.0/24
 Sending on   Socket/fallback/fallback-net
 dhcpd|restart
 [root@PacketFence ~]#
 

 Thanks Best Regards,
 Zlyzwy


 --
 See everything from the browser to the database with AppDynamics
 Get end-to-end visibility with application monitoring from AppDynamics
 Isolate bottlenecks and diagnose root cause in seconds.
 Start your free trial of AppDynamics Pro today!
 http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk
 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP PF

[Fabrice DURAND]

  
  
Hello Ulrich,
  DHCP server is managed by packetfence, so if you enable a
  registration network or an isolation network then DHCP should work
  on these networks.
  
  Regards
  Fabrice
  
  Le 2013-06-17 04:35, Ulrich Guimbi a crit:


  
  
  
  
  
Hello,
Im a new one on
PacketFence.
I want to know how to
configure the DHCP server on the PF.
If someone have a
tutorial which explain how to configure PF server on the web
interface.
Best regards


  

  

  

  

  


  

  


  
11-13
rue Ren Jacques
92131 Issy-les-Moulineaux Cedex - France
www.keynectis.com
  

  

  
  

  

  

  
  
GUIMBI
Ulrich
Administrateur Systmes et Rseaux
  


  
  


  

  

  
T.
  
  
+33
(0)1 44 42 00 15
  


  
T.
  
  
+33
(0)1 55 64 21 21
  

  

  

  

  

  



  
  
  
  
  --
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
  
  
  
  ___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) 
  

--
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP does not work

[Fabrice DURAND]

Bonjour,
cette mailling list est en anglais, merci de le respecter.

Il faudrait plus de précisions sur ce que vous tentez de faire.

Cordialement

Fabrice

Le 2013-04-17 05:09, AMINO KIMA a écrit :

salut
quand une machine se connacte au notre switch elle n'obtient pas une 
adresse IP donc je pense que le dhcp ne fonctionne pas
- est ce que je dois le configurer sachez que j'ai suit le guide 
d'administration et j'ai rien fait de plus.

s'il y a un autre probleme  aidez moi svp


--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis  visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis  visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP listener information disappared

[Francois Gaudreault]

Hi Andi,

You should consider using the service watch feature to avoid those kind 
of problems in the future.

Thanks!

On 2012-09-03 10:08 AM, Morris, Andi wrote:
 Looks like a restart of the DHCPlistener service resolved this easily
 enough.

 Cheers,

 Andi

 *From:*Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
 *Sent:* 03 September 2012 13:43
 *To:* packetfence-users@lists.sourceforge.net
 *Subject:* [PacketFence-users] DHCP listener information disappared

 Hi all,

 A curious one today, last Friday my nodes tab on the web interface was
 populated with device names and OS type retrieved from the DHCP
 listener, however the new registrations that came in over the weekend
 and today are not populating these fields, bar one exception.

 It’s happening across all vlans, wired and wireless.  I’ve double
 checked that the packetfence server is still sitting as the last ip
 helper address on the vlan which it is.

 Is there any way of troubleshooting what’s going on here?  I’m not
 getting reports that the users are having trouble registering, so I can
 only assume (at the moment) that the process is all working ok from that
 end.

 Cheers,

 Andi

 


From 1st November 2011 UWIC changed its title to Cardiff Metropolitan 
University. From the 6th December 2011, as part of this change, all email 
addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All 
emails sent from Cardiff Metropolitan  University will now be sent from the 
new @cardiffmet.ac.uk address.
 *Please could you ensure that all of your contact records and databases
 are updated to reflect this change.* Further information can be found on
 the website here.
 http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx

 Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan
 Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad
 e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr
 holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu
 danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. *Gwnewch yn siwr eich bod
 yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu
 hyn.* Gellir cael rhagor o wybodaeth ar y wefan yma.
 http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx



 --
 Live Security Virtual Conference
 Exclusive live event will cover all the ways today's security and
 threat landscape has changed and how IT managers can respond. Discussions
 will include endpoint security, mobile security and the latest in malware
 threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/



 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users



-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP listener information disappared

[Morris, Andi]

Looks like a restart of the DHCPlistener service resolved this easily enough.

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 03 September 2012 13:43
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] DHCP listener information disappared

Hi all,
A curious one today, last Friday my nodes tab on the web interface was 
populated with device names and OS type retrieved from the DHCP listener, 
however the new registrations that came in over the weekend and today are not 
populating these fields, bar one exception.

It's happening across all vlans, wired and wireless.  I've double checked that 
the packetfence server is still sitting as the last ip helper address on the 
vlan which it is.

Is there any way of troubleshooting what's going on here?  I'm not getting 
reports that the users are having trouble registering, so I can only assume (at 
the moment) that the process is all working ok from that end.

Cheers,
Andi


From 1st November 2011 UWIC changed its title to Cardiff Metropolitan 
University. From the 6th December 2011, as part of this change, all email 
addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All 
emails sent from Cardiff Metropolitan University will now be sent from the new 
@cardiffmet.ac.uk address. Please could you ensure that all of your contact 
records and databases are updated to reflect this change. Further information 
can be found on the website 
here.http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan 
Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n 
cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a 
ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o'r cyfeiriad 
@cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion 
cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar 
y wefan yma.http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DHCP fingerprint update

[Francois Gaudreault]

Hi Bart,

Hmm... Can you try this :
/usr/local/pf/bin/pfcmd reload fingerprints


On 12-07-26 3:49 PM, Upchurch, Bart S. wrote:
 I am having problems manually adding a dhcp fingerprint.

 I have added the below lines to /usr/local/pf/conf/dhcp_fingerprints.conf

 [os 335]

 description=Yealink IP Phone

 fingerprints=EOT

 1,2,3,4,6,7,12,15,28,42,66,67,43,120

 EOT

 I also noticed that the entry below is not showing in my web interface

 [os 334]

 description=Cisco ATA 186

 fingerprints=EOT

 1,3,6,12,15,42,66,150

 EOT

 I have restarted the packetfence service and done a full reboot, but no
 luck.

 I am running these versions

 Centos 5.8

 Packetfence 3.4.1

 Thanks,

 Bart



 --
 Live Security Virtual Conference
 Exclusive live event will cover all the ways today's security and
 threat landscape has changed and how IT managers can respond. Discussions
 will include endpoint security, mobile security and the latest in malware
 threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/



 ___
 PacketFence-users mailing list
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP options

[Francois Gaudreault]

Hi,

If it's a global, do it in /usr/local/pf/conf/dhcpd.conf before the 
%%networks%% line.

If it needs to be in a generated block, add it in 
/usr/local/pf/lib/pf/services/dhcpd.pm.

Thanks.

On 12-03-20 2:02 PM, akisa...@ucs.ucu.ac.ug wrote:
 Hello List,
 Is there a way I can pass DHCP options to the clients?
 One option am interested in passing is option tftp-server-name

 thanks
 Alex


 --
 This SF email is sponsosred by:
 Try Windows Azure free for 90 days Click Here
 http://p.sf.net/sfu/sfd2d-msazure
 ___
 Packetfence-users mailing list
 Packetfence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users



-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP and Network Configuration

[Nathan, Josh]

Francois,

Thanks for the reply!  Good to know about the sub-interfaces vs VLAN 
interfaces.  And yes, as I started following what challenges others have been 
facing I started thinking I might need to switch to an Inline configuration 
instead.  I'll try these over the next few days and see if that clears 
everything up.

Thanks again!
Josh

--
Virtualization  Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP Scope based on user credentials

[Sallee, Stephen (Jake)]

My apologies, I was out of the office yesterday. Here is our custom vlan code:

http://pastebin.com/xxEsvvcV

the necessary bit is:

my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, 
$user_name, $ssid) = @_;
my $logger = Log::Log4perl-get_logger();
 
if (defined($node_info-{'category'})) {
 if (($node_info-{'category'}) eq 'Staff') {
 return $switch-getVlanByName('customVlan1');
 } elsif (($node_info-{'category'}) eq 'Students') {
 return $switch-getVlanByName('customVlan2');
 } elsif (($node_info-{'category'}) eq 'Guest') {
 return $switch-getVlanByName('customVlan3');
 }
 }
$logger-warn(Something is misconfigured. You should not see this message. 
Return null VLAN.);
return -1;
}

Basically, you can return the vlan on any arbitrary value you choose you just 
need to find a way to expose it to the getNormalVlan method.  I do not know if 
the IP of the station is in the @_ var, especially since the IP is generally 
determined by the vlan and not the other way around.


Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221


From: Sallee, Stephen (Jake) [jake.sal...@umhb.edu]
Sent: Thursday, December 29, 2011 10:21 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Scope based on user credentials

We are doing something similar, we are assigning vlans based on IP and category.

The main idea is to write your custom logic in the vlan custom module.  You 
will need to have some way of pulling the user info into the logic, since we 
are using radius this was not too hard.  But the main point is that you will be 
assigning a VLAN NOT an IP, the IP info will need to be based on the assigned 
vlan.

Francois  is actually the one who helped us set it up.  The whole Inverse team 
is top notch, for initial install and config I highly suggest getting their 
help.

I am out of the office until Monday, but I will post a sanitized copy of our 
setup for you to look over once I am back.

Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 
254-295-4658[X]https://officemail.umhb.edu/owa/?ae=Itema=Opent=IPM.Noteid=RgB5NlAep%2bEuQba90yUowxo%2fBwBOLmuBodD%2bTo4rAfX%2bmgEmAAAEhL7YAAA6mBXYgPuvQaUjs6Na88PfAAAXEgPnAAAJs=Draftpspid=_1325218379909_26024572#
Phax: 
254-295-4221[X]https://officemail.umhb.edu/owa/?ae=Itema=Opent=IPM.Noteid=RgB5NlAep%2bEuQba90yUowxo%2fBwBOLmuBodD%2bTo4rAfX%2bmgEmAAAEhL7YAAA6mBXYgPuvQaUjs6Na88PfAAAXEgPnAAAJs=Draftpspid=_1325218379909_26024572#





From: Francois Gaudreault [fgaudrea...@inverse.ca]
Sent: Thursday, December 29, 2011 3:07 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Scope based on user credentials

Using categories, it's kinda possible yes.  You need to build an intelligent 
authentication module that is able to categorize a node according either to an 
AD group/OU, or you do it using multiple modules (ie.  You create a staff 
module, and a student module.  If you select the module staff, and you login, 
you get category A, if you select student, you get category B).  After that, 
you need custom vlan assignment code in vlan/custom.pm to return a different 
vlan depending of the category.

On 11-12-29 12:57 PM, Mark Surkin wrote:

Can anyone tell me whether PacketFence is capable of assigning DHCP addresses 
from a specific scope based on user credentials?


--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox


___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.netmailto:Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.camailto:fgaudrea...@inverse.ca  ::  +1.514.447.4918 
(x130) ::  www.inverse.cahttp://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nuhttp://www.sogo.nu) and 
PacketFence (www.packetfence.orghttp://www.packetfence.org)





--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than

Re: [Packetfence-users] DHCP Scope based on user credentials

[Mark Surkin]

Thank you Jake this is very helpful!

-Original Message-
From: Sallee, Stephen (Jake) [mailto:jake.sal...@umhb.edu] 
Sent: Tuesday, January 03, 2012 2:54 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Scope based on user credentials

My apologies, I was out of the office yesterday. Here is our custom vlan code:

http://pastebin.com/xxEsvvcV

the necessary bit is:

my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, 
$user_name, $ssid) = @_;
my $logger = Log::Log4perl-get_logger();
 
if (defined($node_info-{'category'})) {
 if (($node_info-{'category'}) eq 'Staff') {
 return $switch-getVlanByName('customVlan1');
 } elsif (($node_info-{'category'}) eq 'Students') {
 return $switch-getVlanByName('customVlan2');
 } elsif (($node_info-{'category'}) eq 'Guest') {
 return $switch-getVlanByName('customVlan3');
 }
 }
$logger-warn(Something is misconfigured. You should not see this message. 
Return null VLAN.);
return -1;
}

Basically, you can return the vlan on any arbitrary value you choose you just 
need to find a way to expose it to the getNormalVlan method.  I do not know if 
the IP of the station is in the @_ var, especially since the IP is generally 
determined by the vlan and not the other way around.


Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221


From: Sallee, Stephen (Jake) [jake.sal...@umhb.edu]
Sent: Thursday, December 29, 2011 10:21 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Scope based on user credentials

We are doing something similar, we are assigning vlans based on IP and category.

The main idea is to write your custom logic in the vlan custom module.  You 
will need to have some way of pulling the user info into the logic, since we 
are using radius this was not too hard.  But the main point is that you will be 
assigning a VLAN NOT an IP, the IP info will need to be based on the assigned 
vlan.

Francois  is actually the one who helped us set it up.  The whole Inverse team 
is top notch, for initial install and config I highly suggest getting their 
help.

I am out of the office until Monday, but I will post a sanitized copy of our 
setup for you to look over once I am back.

Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 
254-295-4658[X]https://officemail.umhb.edu/owa/?ae=Itema=Opent=IPM.Noteid=RgB5NlAep%2bEuQba90yUowxo%2fBwBOLmuBodD%2bTo4rAfX%2bmgEmAAAEhL7YAAA6mBXYgPuvQaUjs6Na88PfAAAXEgPnAAAJs=Draftpspid=_1325218379909_26024572#
Phax: 
254-295-4221[X]https://officemail.umhb.edu/owa/?ae=Itema=Opent=IPM.Noteid=RgB5NlAep%2bEuQba90yUowxo%2fBwBOLmuBodD%2bTo4rAfX%2bmgEmAAAEhL7YAAA6mBXYgPuvQaUjs6Na88PfAAAXEgPnAAAJs=Draftpspid=_1325218379909_26024572#





From: Francois Gaudreault [fgaudrea...@inverse.ca]
Sent: Thursday, December 29, 2011 3:07 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Scope based on user credentials

Using categories, it's kinda possible yes.  You need to build an intelligent 
authentication module that is able to categorize a node according either to an 
AD group/OU, or you do it using multiple modules (ie.  You create a staff 
module, and a student module.  If you select the module staff, and you login, 
you get category A, if you select student, you get category B).  After that, 
you need custom vlan assignment code in vlan/custom.pm to return a different 
vlan depending of the category.

On 11-12-29 12:57 PM, Mark Surkin wrote:

Can anyone tell me whether PacketFence is capable of assigning DHCP addresses 
from a specific scope based on user credentials?


--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex 
infrastructure or vast IT resources to deliver seamless, secure access to 
virtual desktops. With this all-in-one solution, easily deploy virtual desktops 
for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it 
free! http://p.sf.net/sfu/Citrix-VDIinabox


___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.netmailto:Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.camailto:fgaudrea...@inverse.ca  ::  +1.514.447.4918 
(x130) ::  www.inverse.cahttp://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nuhttp://www.sogo.nu) and 
PacketFence (www.packetfence.orghttp://www.packetfence.org

Re: [Packetfence-users] DHCP Scope based on user credentials

[Sallee, Stephen (Jake)]

We are doing something similar, we are assigning vlans based on IP and category.

The main idea is to write your custom logic in the vlan custom module.  You 
will need to have some way of pulling the user info into the logic, since we 
are using radius this was not too hard.  But the main point is that you will be 
assigning a VLAN NOT an IP, the IP info will need to be based on the assigned 
vlan.

Francois  is actually the one who helped us set it up.  The whole Inverse team 
is top notch, for initial install and config I highly suggest getting their 
help.

I am out of the office until Monday, but I will post a sanitized copy of our 
setup for you to look over once I am back.

Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 
254-295-4658[X]https://officemail.umhb.edu/owa/?ae=Itema=Opent=IPM.Noteid=RgB5NlAep%2bEuQba90yUowxo%2fBwBOLmuBodD%2bTo4rAfX%2bmgEmAAAEhL7YAAA6mBXYgPuvQaUjs6Na88PfAAAXEgPnAAAJs=Draftpspid=_1325218379909_26024572#
Phax: 
254-295-4221[X]https://officemail.umhb.edu/owa/?ae=Itema=Opent=IPM.Noteid=RgB5NlAep%2bEuQba90yUowxo%2fBwBOLmuBodD%2bTo4rAfX%2bmgEmAAAEhL7YAAA6mBXYgPuvQaUjs6Na88PfAAAXEgPnAAAJs=Draftpspid=_1325218379909_26024572#





From: Francois Gaudreault [fgaudrea...@inverse.ca]
Sent: Thursday, December 29, 2011 3:07 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Scope based on user credentials

Using categories, it's kinda possible yes.  You need to build an intelligent 
authentication module that is able to categorize a node according either to an 
AD group/OU, or you do it using multiple modules (ie.  You create a staff 
module, and a student module.  If you select the module staff, and you login, 
you get category A, if you select student, you get category B).  After that, 
you need custom vlan assignment code in vlan/custom.pm to return a different 
vlan depending of the category.

On 11-12-29 12:57 PM, Mark Surkin wrote:

Can anyone tell me whether PacketFence is capable of assigning DHCP addresses 
from a specific scope based on user credentials?


--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox


___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.netmailto:Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.camailto:fgaudrea...@inverse.ca  ::  +1.514.447.4918 
(x130) ::  www.inverse.cahttp://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nuhttp://www.sogo.nu) and 
PacketFence (www.packetfence.orghttp://www.packetfence.org)





--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP Scope based on user credentials

[Francois Gaudreault]

Using categories, it's kinda possible yes.  You need to build an 
intelligent authentication module that is able to categorize a node 
according either to an AD group/OU, or you do it using multiple modules 
(ie.  You create a staff module, and a student module.  If you select 
the module staff, and you login, you get category A, if you select 
student, you get category B).  After that, you need custom vlan 
assignment code in vlan/custom.pm to return a different vlan depending 
of the category.


On 11-12-29 12:57 PM, Mark Surkin wrote:


Can anyone tell me whether PacketFence is capable of assigning DHCP 
addresses from a specific scope based on user credentials?



--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox


___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP hitting packetfence server but not being registered

[Dan Nelson]

Do you have a pfdhcplistener running on that interface?  Can you check if the 
port 67 is allowed in the iptables.conf for that interface?

I have these lines in the Iptables.conf.

:input-internal-inline-if - [0:0]
# DHCP
-A input-internal-inline-if --protocol udp --match udp --dport 67  --jump ACCEPT
-A input-internal-inline-if --protocol tcp --match tcp --dport 67  --jump ACCEPT

Checking the status of packetfence I have this

[root@fennel conf]# service packetfence status
service|shouldBeStarted|pid
named|1|24274
dhcpd|1|24282
snort|0|0
radiusd|1|24284
httpd|1|24338 24334 24332 24331 24325 24315 24314 24291 6356 5574 1764
snmptrapd|1|24293
pfdetect|0|0
pfredirect|0|0
pfsetvlan|1|24424
pfdhcplistener|1|24430 24381 24372
pfmon|1|24393

It appears to be running normally.  I have restarted packetfence as well.

Thanks
Dan Nelson
Nutraceutical Corporation
Network Administrator
801-334-3702

--
RSAreg; Conference 2012
Save #36;700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP hitting packetfence server but not being registered

[Francois Gaudreault]

By default we do not allow DHCP on the management interface.  You will 
saw it in tcpdump, but it won't reach the listener.  I believe eth0 is 
your management interface?


Chain input-management-if (1 references)
 pkts bytes target prot opt in out source   
destination
3   192 ACCEPT tcp  --  *  *   0.0.0.0/0
0.0.0.0/0   state NEW tcp dpt:22
   35  2240 ACCEPT tcp  --  *  *   0.0.0.0/0
0.0.0.0/0   tcp dpt:1443
0 0 ACCEPT tcp  --  *  *   0.0.0.0/0
0.0.0.0/0   tcp dpt:443
0 0 ACCEPT tcp  --  *  *   0.0.0.0/0
0.0.0.0/0   tcp dpt:1812
0 0 ACCEPT udp  --  *  *   0.0.0.0/0
0.0.0.0/0   udp dpt:1812
0 0 ACCEPT tcp  --  *  *   0.0.0.0/0
0.0.0.0/0   tcp dpt:1813
0 0 ACCEPT udp  --  *  *   0.0.0.0/0
0.0.0.0/0   udp dpt:1813
3   534 ACCEPT udp  --  *  *   0.0.0.0/0
0.0.0.0/0   udp dpt:162
0 0 ACCEPT udp  --  *  *   0.0.0.0/0
0.0.0.0/0   udp dpt:53


What you need to do is, in iptables.conf, add the following line at the 
end of the managemetn chain:

-A input-management-if --protocol udp --match udp --dport 67  --jump ACCEPT

Restart httpd after (bin/pfcmd service httpd restart) to reload iptables.

On 11-11-01 11:18 AM, Dan Nelson wrote:


Do you have a pfdhcplistener running on that interface?  Can you check 
if the port 67 is allowed in the iptables.conf for that interface?


I have these lines in the Iptables.conf.

:input-internal-inline-if - [0:0]

# DHCP

-A input-internal-inline-if --protocol udp --match udp --dport 67  
--jump ACCEPT


-A input-internal-inline-if --protocol tcp --match tcp --dport 67  
--jump ACCEPT


Checking the status of packetfence I have this

[root@fennel conf]# service packetfence status

service|shouldBeStarted|pid

named|1|24274

dhcpd|1|24282

snort|0|0

radiusd|1|24284

httpd|1|24338 24334 24332 24331 24325 24315 24314 24291 6356 5574 1764

snmptrapd|1|24293

pfdetect|0|0

pfredirect|0|0

pfsetvlan|1|24424

pfdhcplistener|1|24430 24381 24372

pfmon|1|24393

It appears to be running normally.  I have restarted packetfence as well.

Thanks

Dan Nelson

*Nutraceutical Corporation*

Network Administrator

801-334-3702


--
RSAreg; Conference 2012
Save#36;700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1


___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
RSAreg; Conference 2012
Save #36;700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP hitting packetfence server but not being registered

[Dan Nelson]

I added this line and restarted the packetfence services.  But with no luck.  
Yes my management port is on eth0.

I did a service iptables stop and tested and the request still didn't come 
through on eth0.  Must be something else.  Also I edited the iptables.conf in 
the /usr/local/pf/conf/iptables.conf file.  Is that the file that is being used 
now.  Do I need to do a iptables-save or anything for that to take affect?

--

By default we do not allow DHCP on the management interface. You will saw it in 
tcpdump, but it won't reach the listener. I believe eth0 is your management 
interface?

Chain input-management-if (1 references)
pkts bytes target prot opt in out source destination 3 192 ACCEPT tcp -- * * 
0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 35 2240 ACCEPT tcp -- * * 0.0.0.0/0 
0.0.0.0/0 tcp dpt:1443 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 
0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812 0 0 ACCEPT udp -- * * 
0.0.0.0/0 0.0.0.0/0 udp dpt:1812 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp 
dpt:1813 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1813 3 534 ACCEPT 
udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:162 0 0 ACCEPT udp -- * * 0.0.0.0/0 
0.0.0.0/0 udp dpt:53

What you need to do is, in iptables.conf, add the following line at the end of 
the managemetn chain:
-A input-management-if --protocol udp --match udp --dport 67  --jump ACCEPT

Restart httpd after (bin/pfcmd service httpd restart) to reload iptables.




Thanks
Dan Nelson
Nutraceutical Corporation
Network Administrator
801-334-3702

--
RSAreg; Conference 2012
Save #36;700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP Question

[Palmer, David W.]

I did this and it looks like dhcp is running but I am not getting an IP even 
when assigning the vlan manually in the switch. After doing some looking around 
I noticed that the pf.conf file has eth0 declared but not eth0.4 and eth0.5 
(registration and isolation interfaces). Do I also have to add them here?

Thanks,

David

-Original Message-
From: Marc-André Jutras [mailto:mjut...@inverse.ca] 
Sent: Thursday, March 31, 2011 10:41 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Question

David,

Unfortunately, you will have to set the vlan manually. Those are normally 
configured in :

/etc/sysconfig/network-script/ifcfg-ethX.Y( where X = interface 
number: eth0, eth1, eth2...  and Y is the vlan number... )

example of ifcfg-eth0

DESCRIPTION=MANAGEMENT_INTERAFCE
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=THE:MAC:ADD:OF:YOUR:NIC
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=172.16.1.5
USERCTL=no
IPV6INIT=no


example of ifcfg-eth0.5
DESCRIPTION=REGISTRATION_INTERFACE
VLAN=yes
DEVICE=eth0.5
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=172.16.5.5
NETMASK=255.255.255.0


Regards,
M-A


Le 11-03-30 11:10, Palmer, David W. a écrit :
 Ok,

 So I went through and re-installed the system and to make sure that DHCP and 
 named were correctly pulled down with packetfence-complete package.

 Now the issue that I am running into when starting packetfence is DHCP 
 is not starting correctly. I believe that I need to setup 802.1Q 
 interfaces on the packetfence server. My question is does Packetfence 
 do this for me or is this something I need to create


 Here is my networks.conf:

 [10.28.4.0]
 type=registration
 netmask=255.255.255.0
 gateway=10.28.4.2
 pf_gateway=
 named=enabled
 domain-name=registration.cazenovia.edu
 dns=10.28.4.2
 dhcpd=enabled
 dhcp_start=10.28.4.10
 dhcp_end=10.28.4.254
 dhcp_default_lease_time=300
 dhcp_max_lease_time=300

 [10.28.5.0]
 type=isolation
 netmask=255.255.255.0
 gateway=10.24.5.2
 pf_gateway=
 named=enabled
 domain-name=isolation.cazenovia.edu
 dns=10.24.5.2
 dhcpd=enabled
 dhcp_start=10.28.5.10
 dhcp_end=10.28.5.254
 dhcp_default_lease_time=300
 dhcp_max_lease_time=300


 Thanks,

 David



 -Original Message-
 From: Marc-André Jutras [mailto:mjut...@inverse.ca]
 Sent: Tuesday, March 15, 2011 11:25 AM
 To: packetfence-users@lists.sourceforge.net
 Subject: Re: [Packetfence-users] DHCP Question

 Hello David,

 Ok, first thing to check is your ip definition in networks.conf ( under 
 /usr/local/pf/conf ) , PF will regenerate any dhcpd settings based on the 
 info included in this file every time you will restart PF daemon.
 Then, adjust your ip in your named template to answers correctly your
 dns request... ( /usr/local/pf/conf/template/   files:
 named-isolation.ca and named-registration.ca, validate the ip there to 
 reflect yours... )

   From that point, you should be good to restart PF and validate that 
 the DHCPD daemon is now listening on your isolation and registration 
 network interface correctly... ( /etc/init.d/packetfence restart  or 
 service packetfence restart )

 points to keep in mind:
 - PF come with the latest stable version of dhcpd and named, no needs to 
 configure or install these daemons included in your Linux distribution...
 - make it work before adding more security to it : disable iptables for 
 testing, re-enable it when you'll be ready for your final tests...

 Regards,
 M-A

 Le 11-03-15 10:19, Palmer, David W. a écrit :
 Hello All,

 I am currently working on testing packetfence vs several commercial 
 NAC solutions. However, I am having an issue getting DHCPD to start. 
 I receive this error:

 

 No subnet declaration for eth0 (172.28.4.74).

 ** Ignoring requests on eth0.  If this is not what

 you want, please write a subnet declaration

 in your dhcpd.conf file for the network segment

 to which interface eth0 is attached. **

 Not configured to listen on any interfaces!

 

 What I have gathered is that I need to configure my registration
 (10.28.4.0) and isolation (10.28.5.0) subnets inside of my dhcpd.conf 
 file. What I am wondering is if I do this inside of the 
 /etc/dhcpd.conf or is there a template inside of the pf directory?
 What should the subnet configuration look like?

 Thank you,

 David


 -
 -
 
 Colocation vs. Managed Hosting
 A question and answer guide to determining the best fit for your 
 organization - today and in the future.
 http://p.sf.net/sfu/internap-sfd2d


 ___
 Packetfence-users mailing list
 Packetfence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Create and publish

Re: [Packetfence-users] DHCP Question

[Francois Gaudreault]

David,

Yes they need to be there with the internal keyword.   You might also 
want to have a look to your iptables and trunk settings.

On 11-05-19 10:02 AM, Palmer, David W. wrote:
 I did this and it looks like dhcp is running but I am not getting an IP even 
 when assigning the vlan manually in the switch. After doing some looking 
 around I noticed that the pf.conf file has eth0 declared but not eth0.4 and 
 eth0.5 (registration and isolation interfaces). Do I also have to add them 
 here?

 Thanks,

 David

 -Original Message-
 From: Marc-André Jutras [mailto:mjut...@inverse.ca]
 Sent: Thursday, March 31, 2011 10:41 AM
 To: packetfence-users@lists.sourceforge.net
 Subject: Re: [Packetfence-users] DHCP Question

 David,

 Unfortunately, you will have to set the vlan manually. Those are normally 
 configured in :

 /etc/sysconfig/network-script/ifcfg-ethX.Y( where X = interface
 number: eth0, eth1, eth2...  and Y is the vlan number... )

 example of ifcfg-eth0

 DESCRIPTION=MANAGEMENT_INTERAFCE
 DEVICE=eth0
 BOOTPROTO=none
 ONBOOT=yes
 HWADDR=THE:MAC:ADD:OF:YOUR:NIC
 TYPE=Ethernet
 NETMASK=255.255.255.0
 IPADDR=172.16.1.5
 USERCTL=no
 IPV6INIT=no


 example of ifcfg-eth0.5
 DESCRIPTION=REGISTRATION_INTERFACE
 VLAN=yes
 DEVICE=eth0.5
 BOOTPROTO=static
 ONBOOT=yes
 TYPE=Ethernet
 IPADDR=172.16.5.5
 NETMASK=255.255.255.0


 Regards,
 M-A


 Le 11-03-30 11:10, Palmer, David W. a écrit :
 Ok,

 So I went through and re-installed the system and to make sure that DHCP and 
 named were correctly pulled down with packetfence-complete package.

 Now the issue that I am running into when starting packetfence is DHCP
 is not starting correctly. I believe that I need to setup 802.1Q
 interfaces on the packetfence server. My question is does Packetfence
 do this for me or is this something I need to create


 Here is my networks.conf:

 [10.28.4.0]
 type=registration
 netmask=255.255.255.0
 gateway=10.28.4.2
 pf_gateway=
 named=enabled
 domain-name=registration.cazenovia.edu
 dns=10.28.4.2
 dhcpd=enabled
 dhcp_start=10.28.4.10
 dhcp_end=10.28.4.254
 dhcp_default_lease_time=300
 dhcp_max_lease_time=300

 [10.28.5.0]
 type=isolation
 netmask=255.255.255.0
 gateway=10.24.5.2
 pf_gateway=
 named=enabled
 domain-name=isolation.cazenovia.edu
 dns=10.24.5.2
 dhcpd=enabled
 dhcp_start=10.28.5.10
 dhcp_end=10.28.5.254
 dhcp_default_lease_time=300
 dhcp_max_lease_time=300


 Thanks,

 David



 -Original Message-
 From: Marc-André Jutras [mailto:mjut...@inverse.ca]
 Sent: Tuesday, March 15, 2011 11:25 AM
 To: packetfence-users@lists.sourceforge.net
 Subject: Re: [Packetfence-users] DHCP Question

 Hello David,

 Ok, first thing to check is your ip definition in networks.conf ( under 
 /usr/local/pf/conf ) , PF will regenerate any dhcpd settings based on the 
 info included in this file every time you will restart PF daemon.
 Then, adjust your ip in your named template to answers correctly your
 dns request... ( /usr/local/pf/conf/template/   files:
 named-isolation.ca and named-registration.ca, validate the ip there to
 reflect yours... )

From that point, you should be good to restart PF and validate that
 the DHCPD daemon is now listening on your isolation and registration
 network interface correctly... ( /etc/init.d/packetfence restart  or
 service packetfence restart )

 points to keep in mind:
 - PF come with the latest stable version of dhcpd and named, no needs to 
 configure or install these daemons included in your Linux distribution...
 - make it work before adding more security to it : disable iptables for 
 testing, re-enable it when you'll be ready for your final tests...

 Regards,
 M-A

 Le 11-03-15 10:19, Palmer, David W. a écrit :
 Hello All,

 I am currently working on testing packetfence vs several commercial
 NAC solutions. However, I am having an issue getting DHCPD to start.
 I receive this error:

 

 No subnet declaration for eth0 (172.28.4.74).

 ** Ignoring requests on eth0.  If this is not what

  you want, please write a subnet declaration

  in your dhcpd.conf file for the network segment

  to which interface eth0 is attached. **

 Not configured to listen on any interfaces!

 

 What I have gathered is that I need to configure my registration
 (10.28.4.0) and isolation (10.28.5.0) subnets inside of my dhcpd.conf
 file. What I am wondering is if I do this inside of the
 /etc/dhcpd.conf or is there a template inside of the pf directory?
 What should the subnet configuration look like?

 Thank you,

 David


 -
 -
 
 Colocation vs. Managed Hosting
 A question and answer guide to determining the best fit for your
 organization - today and in the future.
 http://p.sf.net/sfu/internap-sfd2d


 ___
 Packetfence-users

Re: [Packetfence-users] DHCP Question

[Marc-André Jutras]

David,

Unfortunately, you will have to set the vlan manually. Those are 
normally configured in :

/etc/sysconfig/network-script/ifcfg-ethX.Y( where X = interface 
number: eth0, eth1, eth2...  and Y is the vlan number... )

example of ifcfg-eth0

DESCRIPTION=MANAGEMENT_INTERAFCE
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=THE:MAC:ADD:OF:YOUR:NIC
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=172.16.1.5
USERCTL=no
IPV6INIT=no


example of ifcfg-eth0.5
DESCRIPTION=REGISTRATION_INTERFACE
VLAN=yes
DEVICE=eth0.5
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=172.16.5.5
NETMASK=255.255.255.0


Regards,
M-A


Le 11-03-30 11:10, Palmer, David W. a écrit :
 Ok,

 So I went through and re-installed the system and to make sure that DHCP and 
 named were correctly pulled down with packetfence-complete package.

 Now the issue that I am running into when starting packetfence is DHCP is not 
 starting correctly. I believe that I need to setup 802.1Q interfaces on the 
 packetfence server. My question is does Packetfence do this for me or is this 
 something I need to create


 Here is my networks.conf:

 [10.28.4.0]
 type=registration
 netmask=255.255.255.0
 gateway=10.28.4.2
 pf_gateway=
 named=enabled
 domain-name=registration.cazenovia.edu
 dns=10.28.4.2
 dhcpd=enabled
 dhcp_start=10.28.4.10
 dhcp_end=10.28.4.254
 dhcp_default_lease_time=300
 dhcp_max_lease_time=300

 [10.28.5.0]
 type=isolation
 netmask=255.255.255.0
 gateway=10.24.5.2
 pf_gateway=
 named=enabled
 domain-name=isolation.cazenovia.edu
 dns=10.24.5.2
 dhcpd=enabled
 dhcp_start=10.28.5.10
 dhcp_end=10.28.5.254
 dhcp_default_lease_time=300
 dhcp_max_lease_time=300


 Thanks,

 David



 -Original Message-
 From: Marc-André Jutras [mailto:mjut...@inverse.ca]
 Sent: Tuesday, March 15, 2011 11:25 AM
 To: packetfence-users@lists.sourceforge.net
 Subject: Re: [Packetfence-users] DHCP Question

 Hello David,

 Ok, first thing to check is your ip definition in networks.conf ( under 
 /usr/local/pf/conf ) , PF will regenerate any dhcpd settings based on the 
 info included in this file every time you will restart PF daemon.
 Then, adjust your ip in your named template to answers correctly your
 dns request... ( /usr/local/pf/conf/template/   files:
 named-isolation.ca and named-registration.ca, validate the ip there to 
 reflect yours... )

   From that point, you should be good to restart PF and validate that the 
 DHCPD daemon is now listening on your isolation and registration network 
 interface correctly... ( /etc/init.d/packetfence restart  or service 
 packetfence restart )

 points to keep in mind:
 - PF come with the latest stable version of dhcpd and named, no needs to 
 configure or install these daemons included in your Linux distribution...
 - make it work before adding more security to it : disable iptables for 
 testing, re-enable it when you'll be ready for your final tests...

 Regards,
 M-A

 Le 11-03-15 10:19, Palmer, David W. a écrit :
 Hello All,

 I am currently working on testing packetfence vs several commercial
 NAC solutions. However, I am having an issue getting DHCPD to start. I
 receive this error:

 

 No subnet declaration for eth0 (172.28.4.74).

 ** Ignoring requests on eth0.  If this is not what

 you want, please write a subnet declaration

 in your dhcpd.conf file for the network segment

 to which interface eth0 is attached. **

 Not configured to listen on any interfaces!

 

 What I have gathered is that I need to configure my registration
 (10.28.4.0) and isolation (10.28.5.0) subnets inside of my dhcpd.conf
 file. What I am wondering is if I do this inside of the
 /etc/dhcpd.conf or is there a template inside of the pf directory?
 What should the subnet configuration look like?

 Thank you,

 David


 --
 
 Colocation vs. Managed Hosting
 A question and answer guide to determining the best fit for your
 organization - today and in the future.
 http://p.sf.net/sfu/internap-sfd2d


 ___
 Packetfence-users mailing list
 Packetfence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP Question

[Palmer, David W.]

Ok,

So I went through and re-installed the system and to make sure that DHCP and 
named were correctly pulled down with packetfence-complete package. 

Now the issue that I am running into when starting packetfence is DHCP is not 
starting correctly. I believe that I need to setup 802.1Q interfaces on the 
packetfence server. My question is does Packetfence do this for me or is this 
something I need to create


Here is my networks.conf:

[10.28.4.0]
type=registration
netmask=255.255.255.0
gateway=10.28.4.2
pf_gateway=
named=enabled
domain-name=registration.cazenovia.edu
dns=10.28.4.2
dhcpd=enabled
dhcp_start=10.28.4.10
dhcp_end=10.28.4.254
dhcp_default_lease_time=300
dhcp_max_lease_time=300

[10.28.5.0]
type=isolation
netmask=255.255.255.0
gateway=10.24.5.2
pf_gateway=
named=enabled
domain-name=isolation.cazenovia.edu
dns=10.24.5.2
dhcpd=enabled
dhcp_start=10.28.5.10
dhcp_end=10.28.5.254
dhcp_default_lease_time=300
dhcp_max_lease_time=300


Thanks,

David



-Original Message-
From: Marc-André Jutras [mailto:mjut...@inverse.ca] 
Sent: Tuesday, March 15, 2011 11:25 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] DHCP Question

Hello David,

Ok, first thing to check is your ip definition in networks.conf ( under 
/usr/local/pf/conf ) , PF will regenerate any dhcpd settings based on the info 
included in this file every time you will restart PF daemon.  
Then, adjust your ip in your named template to answers correctly your 
dns request... ( /usr/local/pf/conf/template/   files: 
named-isolation.ca and named-registration.ca, validate the ip there to reflect 
yours... )

 From that point, you should be good to restart PF and validate that the DHCPD 
daemon is now listening on your isolation and registration network interface 
correctly... ( /etc/init.d/packetfence restart  or service packetfence restart )

points to keep in mind:
- PF come with the latest stable version of dhcpd and named, no needs to 
configure or install these daemons included in your Linux distribution...
- make it work before adding more security to it : disable iptables for 
testing, re-enable it when you'll be ready for your final tests...

Regards,
M-A

Le 11-03-15 10:19, Palmer, David W. a écrit :

 Hello All,

 I am currently working on testing packetfence vs several commercial 
 NAC solutions. However, I am having an issue getting DHCPD to start. I 
 receive this error:

 

 No subnet declaration for eth0 (172.28.4.74).

 ** Ignoring requests on eth0.  If this is not what

you want, please write a subnet declaration

in your dhcpd.conf file for the network segment

to which interface eth0 is attached. **

 Not configured to listen on any interfaces!

 

 What I have gathered is that I need to configure my registration
 (10.28.4.0) and isolation (10.28.5.0) subnets inside of my dhcpd.conf 
 file. What I am wondering is if I do this inside of the 
 /etc/dhcpd.conf or is there a template inside of the pf directory?
 What should the subnet configuration look like?

 Thank you,

 David


 --
 
 Colocation vs. Managed Hosting
 A question and answer guide to determining the best fit for your 
 organization - today and in the future.
 http://p.sf.net/sfu/internap-sfd2d


 ___
 Packetfence-users mailing list
 Packetfence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Marc-Andre Jutras, Project manager - Inverse inc.
mjut...@inverse.ca :: +1.514.447.4918 (x110) :: http://www.inverse.ca Leaders 
behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)


--
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] dhcp problem in packetfence

[Francois Gaudreault]

  Adi,

If you hook a PC on the 2950B on a switchport that is on your production 
VLAN, are you able to get an IP?  If not, please review your trunk 
configuration.

So to test :
- Put a switchport into the registration vlan on 2950B, and check if you 
receive an IP.
- Put a switchport into the production vlan on 2950B, and check if you 
receive an IP.

In both cases, your trunk is likely to be the problem.

-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


--
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] dhcp problem in packetfence

[Adi Ariyanto]

If you hook a PC on the 2950B on a switchport that is on your production
VLAN, are you able to get an IP?  If not, please review your trunk
configuration.--yes it will be get an dhcp IP from PF(if the PC is not
registered, but if the PC already registered(register via GUI or I input
directly to mysql database) it will get IP from my win2003 dhcp server

 

So to test :

- Put a switchport into the registration vlan on 2950B, and check if you
receive an IP.--yes,if I test place the pc into registration vlan the
pc will get dhcp ip from PF.all switchport in 2950A and 2950B has
default vlan 41, the production vlan is vlan 41. when a new pc hook to
2950A or 2950B,PF will place the new PC into vlan 4(registration) then
after registration,PF will place the new PC into vlan production/default
vlan again which is 41.

 

- Put a switchport into the production vlan on 2950B, and check if you
receive an IP.--yes it comes from PF dhcp server first because if there
is new PC mac address on PF database, PF will move the PC into
registration vlan to make the pc register first.

 

2950A and 2950B I believe have the same trunk configuration  because
both switch already run for several years, and fyi in switch 2950B,PF
was able to change mac address on one switchport I think it mean the
trap is already run,but its failure on vlan changing, does the
difference IOS version on both switch cause this ?

Regards,

Adi Ariyanto


The above message is for the intended recipient only and may contain 
confidential information and/or may be subject to legal privilege. If you are 
not the intended recipient, you are hereby notified that any dissemination, 
distribution, or copying of this message, or any attachment, is strictly 
prohibited. If it has reached you in error please inform us immediately by 
reply e-mail or telephone, reversing the charge if necessary. Please delete the 
message and the reply (if it contains the original message) thereafter. Thank 
you.
--
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] dhcp problem in packetfence

[Melcher, Kerry]

What does your LAN design look like for VLANs and trunking between the two 2950 
switches and PF?  Is PF providing the DHCP service for the default vlan or do 
you have another server that is providing DHCP service for the default VLAN?  
 
If you have a trunk interface setup between the two 2950 switches check the 
config on the trunk interface of both switches to see that they match.  I ran 
into a similar problem with a router and a switch with a trunk interface.  The 
router interface for the default vlan was setup as Native and the switch trunk 
port for the default vlan was not setup for native.  
 
Kerry Melcher
Supervisor of Network Services
South Kitsap School District
Phone: 360-874-7031



From: Adi Ariyanto [mailto:adi_ariya...@aprilasia.com]
Sent: Tue 1/11/2011 8:37 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] dhcp problem in packetfence



After I Check IOS c2950A and c2950B

There is a different IOS version

C2950A

C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4

 

C2950B

Cisco Internetwork Operating System Software

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA1b,

 

Is there any bug cause by ios difference ?

Regards,

Adi Ariyanto

IT/IS

Asia Pacific Resources International Holdings Ltd (APRIL)

Office : +62 761 491823

Phone: +62 82172517567

 

About APRIL (www.aprilasia.com http://www.aprilasia.com/ ) 

Don't tell your GOD how big is your problem, but tell your problem how BIG is 
your GOD

 

APRIL is:

§  Member, World Business Council for Sustainable Development (WBCSD)

§  Signatory, UN Global Compact

§  Strategic Partner, UNEP Champions of the Earth Award 2008

§  Founding Member, UN FAO Fire Management Actions Alliance

§  Green PROPER Rating Indonesian Ministry of Environment 2006-2007

 

APRIL, with offices worldwide and operations in Indonesia and China, is a 
leading producer of fiber, pulp and paper. APRIL operates one of the world's 
largest pulp mills with an annual production capacity of 2,000,000 tonnes in 
Indonesia. The company is committed to protecting the natural resources in its 
care through sustainable management of its mills and plantation operations to 
benefit our stakeholders, both now and in the future

 



From: Adi Ariyanto [mailto:adi_ariya...@aprilasia.com] 
Sent: Wednesday, January 12, 2011 11:11 AM
To: packetfence-users@lists.sourceforge.net
Subject: [Packetfence-users] dhcp problem in packetfence

 

Hi everyone

i need some advice what is wrong with my packetfence

I have 2 switch c2950,let say 2950A and 2950B

When I connect new PC to 2950A, the PC will get dhcp from PF then after 
registration it will be place new PC on its default VLAN

But if I connect new PC to 2950B, the PC don't get dhcp from PF

If the problem is with PF dhcp, why it can get dhcp address when it connect to 
2950A ?

I run /usr/local/pf/test/connect_and_read.pl and there is no error

 

 

 

Regards,

Adi Ariyanto

IT/IS

Asia Pacific Resources International Holdings Ltd (APRIL)

Office : +62 761 491823

Phone: +62 82172517567

 

About APRIL (www.aprilasia.com http://www.aprilasia.com/ ) 

Don't tell your GOD how big is your problem, but tell your problem how BIG is 
your GOD

 

APRIL is:

§  Member, World Business Council for Sustainable Development (WBCSD)

§  Signatory, UN Global Compact

§  Strategic Partner, UNEP Champions of the Earth Award 2008

§  Founding Member, UN FAO Fire Management Actions Alliance

§  Green PROPER Rating Indonesian Ministry of Environment 2006-2007

 

APRIL, with offices worldwide and operations in Indonesia and China, is a 
leading producer of fiber, pulp and paper. APRIL operates one of the world's 
largest pulp mills with an annual production capacity of 2,000,000 tonnes in 
Indonesia. The company is committed to protecting the natural resources in its 
care through sustainable management of its mills and plantation operations to 
benefit our stakeholders, both now and in the future

 


The above message is for the intended recipient only and may contain 
confidential information and/or may be subject to legal privilege. If you are 
not the intended recipient, you are hereby notified that any dissemination, 
distribution, or copying of this message, or any attachment, is strictly 
prohibited. If it has reached you in error please inform us immediately by 
reply e-mail or telephone, reversing the charge if necessary. Please delete the 
message and the reply (if it contains the original message) thereafter. Thank 
you.   ­­  


The above message is for the intended recipient only and may contain 
confidential information and/or may be subject to legal privilege. If you are 
not the intended recipient, you are hereby notified that any dissemination, 
distribution, or copying of this message, or any attachment, is strictly

Re: [Packetfence-users] DHCP Fingerprints

[Olivier Bilodeau]

Hi Andrew,

 I don't want to auto-register routers is there a way to fix this?

Because of the fingerprint collision and the fact that we don't look at 
the Vendor code there is nothing you can do to automatically register them.

I filed a feature request to support the DHCP Vendor code:
#1060: pfdhcplistener: DHCP Vendor support
http://www.packetfence.org/bugs/view.php?id=1060

If you want you can sponsor it at a competitive RD rate, you can try to 
develop it yourself and we will help (on -devel) or you can try to 
integrate with another tool that would run pfcmd manage register when 
an Xbox fingerprint would be seen on the wire.

Remember that all of this is spoofable with the right knowledge so 
someone could fake being an Xbox only to gain access. But, I haven't 
seen a tool that does so yet (one would need to configure their dhclient 
to send matching options).

Cheers!
-- 
Olivier Bilodeau
obilod...@inverse.ca  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP Fingerprints

[Andrew Niemantsverdriet]

Olivier,

What I have come up with is a web page that allows the students to
register manually.  It authenticates against our LDAP directory and we
are testing it right now. It works out better this way as we still can
have a user name tied to the MAC. The only down side is that we have a
couple more support calls to tell people how to manually register
their xboxs.

Thanks,
 _
/-\ ndrew



On Wed, Sep 8, 2010 at 10:23 AM, Olivier Bilodeau obilod...@inverse.ca wrote:
 Hi Andrew,

 I don't want to auto-register routers is there a way to fix this?

 Because of the fingerprint collision and the fact that we don't look at
 the Vendor code there is nothing you can do to automatically register them.

 I filed a feature request to support the DHCP Vendor code:
 #1060: pfdhcplistener: DHCP Vendor support
 http://www.packetfence.org/bugs/view.php?id=1060

 If you want you can sponsor it at a competitive RD rate, you can try to
 develop it yourself and we will help (on -devel) or you can try to
 integrate with another tool that would run pfcmd manage register when
 an Xbox fingerprint would be seen on the wire.

 Remember that all of this is spoofable with the right knowledge so
 someone could fake being an Xbox only to gain access. But, I haven't
 seen a tool that does so yet (one would need to configure their dhclient
 to send matching options).

 Cheers!
 --
 Olivier Bilodeau
 obilod...@inverse.ca  ::  +1.514.447.4918 *115  ::  www.inverse.ca
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
 (www.packetfence.org)

 --
 This SF.net Dev2Dev email is sponsored by:

 Show off your parallel programming skills.
 Enter the Intel(R) Threading Challenge 2010.
 http://p.sf.net/sfu/intel-thread-sfd
 ___
 Packetfence-users mailing list
 Packetfence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users




-- 
 _
/-\ ndrew Niemantsverdriet
Academic Computing
(406) 238-7360
Rocky Mountain College
1511 Poly Dr.
Billings MT, 59102

--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [Packetfence-users] DHCP Listner keeps stopping

[Kurtis Drefs]

Minutes after I submitted this the 1.9 release came out. I have upgraded
and will see if the problem persists.

--
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users