Re: [PacketFence-users] DHCP forwarding required?

2017-09-05 Thread Jonathan Hornby via PacketFence-users 
Good day

I am trying to setup packetfence to act as a captive portal on a routed 
network. I have many different end user sites which all sit on my routed 
service provider network. I want to run the packetfence server centrally in 
conjunction with my Ruckus virtual SmartZone controller as the wireless and 
captive portal solution. 

My problem is that Packetfence seems to want DHCP requests either tunneled to 
itself, or forwards by means of a DHCP relay, so that Packetfence itself can be 
the DHCP server to all devices which will authenticate to it. I really need the 
DHCP function to remain on each respective local DHCP server at each site.

So my question is, is packetfence just wanting to know the MAC address related 
to each IP address for internal authentication purposes? Or does packet fence 
actually require itself to be the DHCP server? Should the former be true, how 
do I set it up to work this was without Packetfence acutally being the DHCP 
server?
OR, if the latter is true, then how can I set Packetfence DHCP server up to 
know which pool/gateway/DHCP options to offer based on the SSID which the 
device came through, as I need to offer devices the correct DHCP settings on 
their own subnet based on the site that they are at.

Please let me know if anything is unclear so that I can clarify.

Thank you
Jonathan


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence works with core switch but not with attached AP

2017-09-05 Thread Spencer Hazell via PacketFence-users 
Hi,

I spent a long time but have finally configured my HP 1920 (using H3C::S5120) 
and it is working well for port connected devices.  However I have VigorAP902 
access point, which appears to not be supported.  I should mention I'm using 
out of band vlan enforcement with my HP switch.

Is it possible that the Access Point that connects to my working switch can be 
configured in a way that uses the configuration from my switch and the AP can 
act as a dumb/transparent device?  I.E vlan assignment/deauthentication is done 
by the HP switch and not the AP.

If not, what are my options?

Thanks
Spencer
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error on packetfence

2017-09-05 Thread Spencer Hazell via PacketFence-users 
What do the logs say:

tail -f /usr/local/pf/logs/packetfence.log



Spencer Hazell



[MD final master logos-02]

[cid:image002.jpg@01D22ABC.9B34C230]


From: Shahram Wali via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: 05 September 2017 05:25
To: packetfence-users@lists.sourceforge.net
Cc: Shahram Wali 
Subject: [PacketFence-users] Error on packetfence

Dear Sir/Madam,

We have worked on Packetfence 802.1x Wired authentication, checked and tested 
on LAB with the Cisco Switch 3750-x and the 800 series Cisco Router for the 
Public/internet connectivity. We have enabled the Radius server configuration 
on Cisco Switch (Authenticator) and the RADIUS server service on Packetfence as 
the authentication server for the Supplicants(clients), as the RADIUS server is 
mandatory in order to give access to the network, and Wired 802.1X all require 
a RADIUS server to authenticate the users and the devices, and then to push the 
proper roles or VLAN attributes to the network equipment.

The radius authentication enabled, we have created the local username/password 
in PF for the Test, in order to be authenticated through browser, during the 
process of enabling network access we faced with the error message like, unable 
to detect network connectivity, it could not redirect us to the global sites, 
kindly have the attached Screenshots.


Thank you,
Best Regards


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence works with core switch but not with attached AP

2017-09-05 Thread Fabrice Durand via PacketFence-users 
Hello Spencer,

it looks that your AP can do 802.1x but mac auth i am not sure.

Also the switch must support multi auth in order to authenticate all the
mac address.

Lat thing you can do is to enable floating device in packetfence and
return an inline vlan in order to authenticate each devices on a portal.

Regards

Fabrice



Le 2017-09-05 à 06:49, Spencer Hazell via PacketFence-users a écrit :
>
> Hi,
>
>  
>
> I spent a long time but have finally configured my HP 1920 (using
> H3C::S5120) and it is working well for port connected devices. 
> However I have VigorAP902 access point, which appears to not be
> supported.  I should mention I’m using out of band vlan enforcement
> with my HP switch.
>
>  
>
> Is it possible that the Access Point that connects to my working
> switch can be configured in a way that uses the configuration from my
> switch and the AP can act as a dumb/transparent device?  I.E vlan
> assignment/deauthentication is done by the HP switch and not the AP.
>
>  
>
> If not, what are my options?
>
>  
>
> Thanks
>
> Spencer
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] LDAP authentication

2017-09-05 Thread Luís Torres via PacketFence-users 
 

Hello, 

just setup aswell to user authentication on captive portal
to ldap. But I got this error when I login on the portal: 

"you do not
have the permission to register a device with this username" 

where can
I change the "permissions" for all authenticated ldap users, in order to
add devices? 

Regards 
 --
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Connection profile - advance filter

2017-09-05 Thread Luís Torres via PacketFence-users 
 

Thank you 

LT 

Em 2017-09-05 13:51, Fabrice Durand via
PacketFence-users escreveu: 

> Hello Luís, 
> 
> just add 2 rules in
you email source, one for corporate email address and another like
catch_all. 
> 
> Something like user_email match corporate.acme -> set
the role ... 
> 
> Regards 
> 
> Fabrice 
> 
> Le 2017-09-05 à 05:19,
Luís Torres via PacketFence-users a écrit : 
> 
>> Hello, 
>> 
>> can
you guide me on this? I want to have two diferent ways to validate
people on the same ssid. 
>> 
>> The idea is, email validation only but
somehow, who validates through company email gets 6months freenet, any
others that arent get only 1 day. 
>> 
>> Is this possible? 
>> 
>>
cheers 
>> 
>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>> 
>>
___
>> PacketFence-users
mailing list
>> PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
> 
>
-- 
> Fabrice Durand
> fdur...@inverse.ca :: +1.514.447.4918 (x135) ::
www.inverse.ca [3]
> Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu [4]) and PacketFence (http://packetfence.org [5]) 
>

>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
> 
>
___
> PacketFence-users
mailing list
> PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]




Links:
--
[1] http://sdm.link/slashdot
[2]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[3]
http://www.inverse.ca
[4] http://www.sogo.nu
[5] http://packetfence.org
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users