Re: [PacketFence-users] dot1x fallback to web auth?

Hello Ali, on cisco switches, yes it's possible to do that. Regards Fabrice Le 19-03-29 à 23 h 05, Amjad Ali via PacketFence-users a écrit : Hi All, Just a quick question, would it be possible to have fallback mechanism to web auth if dot1x or MAC authentication fails on a switch port?

Re: [PacketFence-users] Google Auth Problems

Hello Andrew, do you have a captive portal ? It's mandatory if you want to authenticate with google auth. Regards Fabrice Le 19-03-26 à 09 h 27, Lierman, Andrew via PacketFence-users a écrit : I have Google Auth setup and working, but when I try to use it for Guests to register on my Wifi,

Re: [PacketFence-users] EAP Authentication + LDAP

Hello Felipe, Le 19-03-25 à 17 h 03, Felipe Rodrigues a écrit : Hi Fabrice, Thank you for the answer! I will try that soon. Just for curious: Is it possible to do this integration in the web interface? not yet but but nothing really hard to add. Regards Fabrice

Re: [PacketFence-users] DNS resolution not working

Hello Eric, just edit /etc/resolv.conf and set the dns server you want to use, like: nameserver 8.8.8.8 Regards Fabrice Le 19-03-25 à 20 h 17, Eric Rolleman via PacketFence-users a écrit : I followed the instruction: echo "[main] dns=none" > /etc/NetworkManager/conf.d/99-no-dns.conf Now

Re: [PacketFence-users] PacketFence cisco-avpair ip-inacl

Hello Carlos, the correct syntax is this one: answer1 = Cisco-AVPair => ip:inacl#190=deny ip any 153.144.129.128 0.0.0.127;ip:inacl#200=deny ip any 153.144.27.0 0.0.0.255;ip:inacl#210=permit ip any any; Regards Fabrice Le 19-03-06 à 11 h 12, Carlos Wetli via PacketFence-users a écrit :

Re: [PacketFence-users] Vlan Assignemnt via Port

Hello Silvester, you are in the correct way, you just need to change the position of you connection profile to match first. Regards Fabrice Le 19-03-19 à 10 h 51, Silvester Schattauer via PacketFence-users a écrit : Hey List, it is me again with another issue i cannot figure out myself.

Re: [PacketFence-users] Password Of The Day

Hello John, you can use a null source with email as mandatory or Kickbox source. Regards Fabrice Le 19-03-13 à 09 h 18, John Sayce via PacketFence-users a écrit : I've spun up an 8.3.0 instance and I'm just doing some testing. I think the password of the day feature has remained roughly

Re: [PacketFence-users] NTLM Caching

Hello Max, i found that where you can troubleshoot the error 0x2105 (8453). https://www.itprotoday.com/active-directory/identifying-and-solving-active-directory-replication-problems Regards Fabrice Le 19-03-01 à 16 h 37, Max McGrath via PacketFence-users a écrit : Hello! I'm working on

Re: [PacketFence-users] COA on Meru

Here we go: cd  /usr/local/pf curl https://github.com/inverse-inc/packetfence/compare/feature/meru_coa.diff | patch -p1 then restart packetfence Regards Fabrice Le 19-02-28 à 18 h 42, Durand fabrice via PacketFence-users a écrit : Hello Erwin, i will provide you a patch to test

Re: [PacketFence-users] COA on Meru

Hello Erwin, i will provide you a patch to test. Regards Fabrice Le 19-02-28 à 17 h 47, Erwin via PacketFence-users a écrit : Hello, I would like to know if is possible to try to use the MERU:MC module with COA. From 8.3.3 version, it is supported in Meru controllers, as reported in the

Re: [PacketFence-users] PacketFence 8.3 / no more username and password sent via email

Hello Nicolas, run /usr/local/pf/addons/pf-maint.pl and restart PacketFence, you should be ok. Regards Fabrice Le 19-02-28 à 15 h 11, dev--- via PacketFence-users a écrit : Hi ! I just migrated from PF 8.1 to 8.3. I think I have followed correctly the upgrade guide:

Re: [PacketFence-users] VOIP Troubles with Dell Switches

Hello Peter, you can try that https://github.com/inverse-inc/packetfence/compare/feature/DELL_lldp.diff It add a better voip support for the Dell switches. cd /usr/local/pf curl https://github.com/inverse-inc/packetfence/compare/feature/DELL_lldp.diff | patch -p1 --dry-run if no errors

Re: [PacketFence-users] Error! Can't connect to server or bind with ....

Hello Ismail, fix the bindn and the password. Also use adsiedit.msc on the AD to find the dn of the user then just copy and paste. Regards Fabrice Le 19-02-27 à 12 h 22, Ismail Yushaw via PacketFence-users a écrit : Hi Guys, I have been trying to an AD source using a production AD with

Re: [PacketFence-users] access issue with 802.1x & mac-auth

figure it out. For that you will need to send a copy of the production dhcp traffic to packetfence then you will be able to do some wmi scan. Regards Fabrice *Von:* Durand fabrice via PacketFence-users *Gesendet:* M

Re: [PacketFence-users] Can't start pfdetect and create syslog parser

Hello, you need to enable pfdetect in the packetfence config. Go here: https://pf_ip:1443/admin/configuration#configuration/main/services then check pfdetect After that do: /usr/local/pf/bin/pfcmd service pf start For the error, are you using the latest version of PacketFence ? Regards

Re: [PacketFence-users] Modifying Captive Portal Text

need to do to make the change effective? On Mon, Feb 25, 2019 at 3:13 PM Durand fabrice <mailto:fdur...@inverse.ca>> wrote: Ok so you need to modify the msgstr and keep the original string in msgid. Regards Fabrice Le 19-02-25 à 16 h 12, Lierman, Andrew a écrit :

Re: [PacketFence-users] Modifying Captive Portal Text

etfence.po Unless I am supposed to add something in the msgstr ?? On Mon, Feb 25, 2019 at 2:46 PM Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Andrew, this is the only place where you have to change the string. What

Re: [PacketFence-users] Compliance. Frequency of scans

/19 18:57, Durand fabrice via PacketFence-users ha scritto: Hello Enrico, after registration needs to be trigger by something and in your case it can be a dhcp packet. So let's say your lease time is 1 week then the scan will be trigger each week. Or you can add the violation by script: pfcmd

Re: [PacketFence-users] Modifying Captive Portal Text

Hello Andrew, this is the only place where you have to change the string. What did you do exactly in the po file ? Regards Fabrice Le 19-02-22 à 09 h 14, Lierman, Andrew via PacketFence-users a écrit : I am looking to changing the following text on the Guest Email page:  " After

Re: [PacketFence-users] AD authentication problem - Logon Workstation

Hello saskatooner, can you run raddebug and paste the result ? raddebug -f /usr/local/pf/var/run/radiusd.cock -t 3000 Regards Fabrice Le 19-02-23 à 01 h 50, saskatooner Canada via PacketFence-users a écrit : Hi I have pf joint to my active directory. everything works well but when on my

Re: [PacketFence-users] access issue with 802.1x & mac-auth

Hello Silvester, Le 19-02-25 à 04 h 22, Silvester Schattauer via PacketFence-users a écrit : Hey people, I am stuck and cannot find anything that really helps me solve my issue(s). What do i want to achieve?: The main goal is to set up packetfence to use certificates for

Re: [PacketFence-users] Nodes IP Address won't update after registration

Hello Eran, you need to tell to packetfence what is the new address of the device. There is 2 solutions: - Add a ip-helper address to packetfence on the gateway of the user vlan (but don't remove the existing one). - Use the dhcp remote sensor on your dhcp server

Re: [PacketFence-users] Compliance. Frequency of scans

Hello Enrico, after registration needs to be trigger by something and in your case it can be a dhcp packet. So let's say your lease time is 1 week then the scan will be trigger each week. Or you can add the violation by script: pfcmd violation add 00:11:22:33:44:55 117 Regards

Re: [PacketFence-users] Current Suricata Integration Workflow?

Hello Christian, the port is open in iptables but does rsyslog listen on the port 514 ? do you have that is /etc/rsyslog.conf: $ModLoad imudp $UDPServerRun 514 and also what about: cat "pipe file" do you see something like suricata alerts ? If yes then you can start to configure a

Re: [PacketFence-users] ZEN error in RADIUS audit log

Hello Sean, it will be better to join the server to the AD from the admin gui and link the default realm to the domain you just create. It will create a chroot for the domain and use the chroot to authenticate the user. Regards Fabrice Le 19-02-21 à 18 h 16, Sean Hunter via

Re: [PacketFence-users] eap-tls machine authentication against AD

us_acct= ldap_source=CWE Am Di., 19. Feb. 2019 um 03:28 Uhr schrieb Durand fabrice via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>>: Hello Carlos, my remark below. Le 19-02-18 à 09 h 04, Carlos Wetli via PacketFence-users a

Re: [PacketFence-users] MSCHAPv2 Reject only on one access point?

? No there is no rate limiting. On Tue, Feb 19, 2019 at 8:52 PM Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Christian, what you can do is to run radius in debug mode: raddebug -r /usr/local/pf/var/run/radiusd.soc

Re: [PacketFence-users] MSCHAPv2 Reject only on one access point?

(1) and output 'The attempted logon is invalid. Does Active Directory place limits on NTLM authentication? Some sort of rate-limiting? On Tue, Feb 19, 2019 at 8:52 PM Durand fabrice via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Christian,

Re: [PacketFence-users] MSCHAPv2 Reject only on one access point?

Hello Christian, what you can do is to run radius in debug mode: raddebug -r /usr/local/pf/var/run/radiusd.sock > /root/radius.debug Then try the bogus AP and try with another one and check the debug and search for the line where freeradius call ntlm_auth and see if the output is the same.

Re: [PacketFence-users] Assigning role based on Active Directory name

Hello Adrian, in my opinion it will be easier to have only one authentication sources but 3 rules. Something like: Base DN : OU=Utilisateurs,OU=Maquette,DC=NOVASYS,DC=LOCAL * Name : Service_Auth * Description : Service Users * Contains : Everything * condition:

Re: [PacketFence-users] Make PF function as NAT/Firewall with Radius and VLAN enforcement

ttps://sites.google.com/site/syscookbook/rhel/rhel-network-interface-rename-rhel7 > Yes it will work. > > > > I feel more comfortable using the old interface naming convention and > > the above procedure works well:-) > > > Regards > &

Re: [PacketFence-users] Can't link PacketFence with AD Server.

these switches, but there is a chance I will get some. When I get them, I will test the generic type. Regards Adrian *De: *"packetfence-users" *À: *"packetfence-users" *Cc: *"Durand fabrice" *Env

Re: [PacketFence-users] eap-tls machine authentication against AD

[mac:80:ce:62:a1:2e:75] violation 133 force-closed for 80:ce:62:a1:2e:75 (pf::violation::violation_force_close) Regards Fabrice Many thanks for you support and any possbile hint. Regards, carlos Am Sa., 16. Feb. 2019 um 00:26 Uhr schrieb Durand fabrice via PacketFence-users <mailto:packetfence-user

Re: [PacketFence-users] Guest authorization via SMS / hidden e-mail subject

e number" variable to this function. I do not know what it's called.Maybe someone will help?Lukasz sob., 16 lut 2019 o 22:04 Durand fabrice via PacketFence-users napisał(a): Hello Lukasz, check that: https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/SMSSource.pm#L1

Re: [PacketFence-users] Can't link PacketFence with AD Server.

: *"packetfence-users" *À: *"packetfence-users" *Cc: *"Durand fabrice" *Envoyé: *Jeudi 14 Février 2019 03:13:47 *Objet: *Re: [PacketFence-users] Can't link PacketFence with AD Server. Hello Adrian, i will check tomorrow the patch i gave you to be sure that it apply

Re: [PacketFence-users] Make PF function as NAT/Firewall with Radius and VLAN enforcement

Hello Tony, you can set the vlan as inline in PacketFence. What i would do in this case is the following: - Create on pf all the VLAN's an inline interface, per example eth1.10, eth1.11, eth1.12 (the vlan's you return when authenticated) - Set these vlan's id on the switch config

Re: [PacketFence-users] Guest authorization via SMS / hidden e-mail subject

Hello Lukasz, check that: https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/SMSSource.pm#L114 Just need to change few things. Regards Fabrice Le 19-02-16 à 05 h 26, Łukasz Wieczorek via PacketFence-users a écrit : I am a new user of packetfence and need

Re: [PacketFence-users] Packetfence "Unable to detect network connectivity"

Hello Isma'il, Le 19-02-15 à 18 h 49, Isma'il Yusha'u via PacketFence-users a écrit : Hello Caiqui, I am currently implementing Packetfence Zen 8.x in a lab setting and I was using VLAN enforcement using Huawei s5710 switch. I was using the Manual Provided by Packetfence. I make the

Re: [PacketFence-users] issue with cisco 2960 eap fragmentation

ce.log on the new PF server. Have you aware about this kind of issue ? Is this a known issue ? Many thanks in advance for your support. Regards, carlos Am Do., 14. Feb. 2019 um 03:18 Uhr schrieb Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.

Re: [PacketFence-users] eap-tls machine authentication against AD

Hello Carlos, can you check in packetfence.log if you see the eap-tls authentication coming ? It's a line like that: packetfence_httpd.aaa: httpd.aaa(2265) INFO: [mac:00:11:22:33:44:55] handling radius autz request: from switch_ip => (10.0.0.1), connection_type => Wireless-802.1

Re: [PacketFence-users] Users Being Authenticated without using AD

git a/conf/profiles.conf.defaults b/conf/profiles.conf.defaults |index 3f94856..80e3e2f 100644 |--- a/conf/profiles.conf.defaults |+++ b/conf/profiles.conf.defaults -- File to patch: On Thu, Feb 14, 2019 at 7:47 PM Durand fabrice via PacketFence-users <mailto:packetfence

Re: [PacketFence-users] Users Being Authenticated without using AD

-p1  < 3967_8.2.diff Regards Fabrice Le 19-02-14 à 22 h 36, William Blake MacIsaac via PacketFence-users a écrit : Hello Fabrice, I'm running 8.2.0 Thanks Blake On Thu, Feb 14, 2019, 7:27 PM Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.n

Re: [PacketFence-users] Users Being Authenticated without using AD

/components/schemas/configconnectionprofile.yaml |+++ b/docs/api/spec/components/schemas/configconnectionprofile.yaml -- File to patch: On Wed, Feb 13, 2019 at 6:28 PM Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hell

Re: [PacketFence-users] PF 8.0.3 guest manage portal

. Regards Tobias Am Do., 14. Feb. 2019 um 03:24 Uhr schrieb Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>>: Hello Guys, not really true, you can have the thing by using the administration roles. Create a admin role that per

Re: [PacketFence-users] Users Being Authenticated without using AD

I understand, we have so many features and we keep most of them because they are still used by someone. Also deploying a NAC is not something easy to do, you must be a network admin, a linux admin and most of the time have skills in windows and be able to understand how packetfence works...

Re: [PacketFence-users] Users Being Authenticated without using AD

Hello William, can you try that: https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3967.diff cd /usr/local/pf curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3967.diff| patch -p1 --dry-run if there is no error curl

Re: [PacketFence-users] PF 8.0.3 guest manage portal

Hello Guys, not really true, you can have the thing by using the administration roles. Create a admin role that permit "User Create" and assign this admin in a administration rule (in a source) then log in the admin guy with this account. Regards Fabrice Le 19-02-13 à 16 h 00, Tobias

Re: [PacketFence-users] Captive Portal times out

Hello Isma'il, Probably because it times out to do the ldap connection, check the log. Regards Fabrice Le 19-02-11 à 04 h 27, Isma'il Yusha'u via PacketFence-users a écrit : I have managed to configure a htpassword file for my login as the AD has failed to authenticate. The issue is, I get

Re: [PacketFence-users] packetfence-pki

een proceeding with the instructions and everything seems okay at the moment. Thanks, Cory On Sat, Feb 9, 2019 at 9:21 PM Durand fabrice <mailto:fdur...@inverse.ca>> wrote: Hello Cory, can you try that patch -p1 < views.py.diff and restart the pki. Le 19-

Re: [PacketFence-users] packetfence-pki

ython-django-tagging-0.3.6-5.1.noarch python-django-bash-completion-1.8.1-1.el7.noarch python2-django-formtools-1.0-4.1.noarch python-django-1.8.1-1.el7.noarch python-django-bootstrap3-5.1.0-4.1.noarch Thank you for all your help Cory On Sat, Feb 9, 2019 at 8:41 PM Du

Re: [PacketFence-users] packetfence-pki

Hello Cory, can you do rpm -qa|grep django in ref what i have on my side: django-countries-5.0-4.1.noarch python-django-rest-framework-3.1.1-16.1.noarch python-django-tagging-0.3.6-5.1.noarch python-django-bash-completion-1.8.1-3.1.noarch python2-django-formtools-1.0-4.1.noarch

Re: [PacketFence-users] No internet on Client Side

Hi Isma'il, did you configure inline.interfaceSNAT ? (check in pf.conf.defaults) Regards Fabrice Le 19-02-08 à 11 h 33, Isma'il Yusha'u via PacketFence-users a écrit : Hello Guys, I have been able to install and configure Packetfence with at least 3 vlans and two interfaces. eth0 has

Re: [PacketFence-users] Can't link PacketFence with AD Server.

est->{'Called-Station-SSID'}) ? "Wireless-802.11" : undef ) ); my $port= $radius_request->{'NAS-Port'}; Is there any other information you need ? Regards, Adrian - Mail original ----- De: "packetfence-users" À: "packetfence-users" Cc: &qu

Re: [PacketFence-users] RADIUS Reply: Reject

Hello Wifi Guy, it make no sense for you to do wire, you are the Wifi Guy Fabrice Le 19-02-07 à 15 h 31, Wifi Guy via PacketFence-users a écrit : Hi All, Seem to be getting an issue when I try to connect a macbook pro to the wired port on a cisco 2960 switch. If I connect a windows 10

Re: [PacketFence-users] Packet Fence SSO with VPN Radius

Hello Etienne, i am working on the support of the VPN and ASA in PacketFence and in the ciscoVSA attribute in the radius request there is the mac and the ip address of the device (tunnel ip and external ip). So it should be possible to trigger the sso based on that. For the fortigate i

Re: [PacketFence-users] Can't link PacketFence with AD Server.

Best Regard Adrian - Mail original - De: "packetfence-users" À: "packetfence-users" Cc: "Durand fabrice" Envoyé: Jeudi 7 Février 2019 00:26:02 Objet: Re: [PacketFence-users] Can't link PacketFence with AD Server. Hello Adrian, your issue looks to be b

Re: [PacketFence-users] Floating Devices cisco 2960

Yes you need to configure the accounting on the cisco switch. Le 19-02-07 à 00 h 25, Wifi Guy via PacketFence-users a écrit : Thanks. Does this mean I need to add something? Or should something be working that is not? Thanks On Wed, 6 Feb 2019 at 23:30, Durand fabrice via PacketFence-users

Re: [PacketFence-users] Floating Devices cisco 2960

, 6 Feb 2019 at 02:25, Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Wifi, Floating device works with radius, so a port with 802.1x/MAB enabled should work. Regards Fabrice Le 19-02-05 à 09 h 11, Wif

Re: [PacketFence-users] Out of HDD space

Hello Justin, the logs are managed by logrotate in /etc/logrotate.d/packetfence. Btw it's not normal to have 60GB of logs, what were the biggest files ? Regards Fabrice Le 19-02-05 à 21 h 06, Justin Hartman via PacketFence-users a écrit : Hello everyone I have a quick question I hope

Re: [PacketFence-users] getting a role problem

Hello, none of the 2 sources return a role (IT,TestUsers) and an access duration. you can use pftest to test your authentication source. (/usr/local/pf/bin/pftest) Btw you can create a catch_all rule without any condition at the end of the other authentication rules and see if it compute a

Re: [PacketFence-users] Floating Devices cisco 2960

Hello Wifi, Floating device works with radius, so a port with 802.1x/MAB enabled should work. Regards Fabrice Le 19-02-05 à 09 h 11, Wifi Guy via PacketFence-users a écrit : Hi All, I have some Cisco 2960s in my network. I am doing MAB and 802.1X on the ports for users that connect.

Re: [PacketFence-users] Can't link PacketFence with AD Server.

Hello Adrian, are you trying to do 802.1x ? Because cli access is just to allow some user to connect on a switch to configure it. Also can you provide the radius debug ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 Regards Fabrice Le 19-02-05 à 06 h 22, Adrian Dessaigne via

Re: [PacketFence-users] Multiple gateways

Hello Murilo, this should help your issue: https://sourceforge.net/p/packetfence/mailman/packetfence-users/thread/C3352ACF-7A96-4EE0-925E-8BF51AB42504%40oit.gatech.edu/ Regards Fabrice Le 19-02-04 à 13 h 23, Murilo Calegari via PacketFence-users a écrit : Hi, We have our Management

Re: [PacketFence-users] Can't link PacketFence with AD Server.

Hello Adrian, first set the workgroup and the domain name in capital letter NOVASYSPF and NOVASYSPF.COOP Also check that your packetfence server and the AD doesn't have more than 5 minutes difference. Try to do that and see if you have a ping reply:  ip netns exec DomaineAD ping

Re: [PacketFence-users] Question about Captive Portal's haproxy port80, or dhcp option

Hello Uli, it's like the inline enforcement work. Define a management interface and a inline interface and set the dns to something like 8.8.8.8. When a device will be in the inline vlan and if the device is unreg then it will be forwarded to the captive portal. Regards Fabrice Le

Re: [PacketFence-users] User attributes not populating from AD

Hello All, in the status page when you login there is no lookup::person called. Try to apply this patch and let me know if it's ok. ``` diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm

Re: [PacketFence-users] nodes -> framed-ip-address

Hello Helge, take a look here: https://mgmt_ip:1443/admin/configuration#configuration/main/advanced there is a configuration parameter to update iplog based on the radius accounting. Regards Fabrice Le 19-01-28 à 04 h 41, Wiethoff, Helge via PacketFence-users a écrit : Hi, I have a

Re: [PacketFence-users] Customizing the FQDN of Captive Portal?

Hello Christian, it's hard coded in PacketFence (https://github.com/inverse-inc/packetfence/blob/devel/go/httpdispatcher/proxy.go#L232) but it shoudn't be complicate to add a configuration parameter for each network to define the fqdn of the portal. I will have a look to see if it's not too

Re: [PacketFence-users] WMI prereg and reg scans fail when user connects

Hello Eran, it can happen if the account you use to do the wmi query never logon this target machine. To bypass that there is a configuration parameter in the domain config to allow the device in the reg vlan to reach the ad. Enable that and restart pfdns. Regards Fabrice Le 19-01-21 à

Re: [PacketFence-users] SelectRole/DNS/DHCP

Le 19-01-22 à 02 h 53, David Brustad via PacketFence-users a écrit : Hello Guys, PF Zen 8.3 Cisco WLC Cisco Router Production DHCP I'm having trouble using the SelectRole portal module. VLANS look like: 192.168.1.x 192.168.2.x 192.168.3.x 192.168.4.x 192.168.5.x and so on. PF admin IP is

Re: [PacketFence-users] snmptrapd with CentOS 7

Hello Helge, you can maybe try to edit the packetfence-snmptrapd.service file (/usr/lib/systemd/system) and add Environment=LD_PRELOAD=/usr/lib64/libmysqlclient.so.18 Or recompile net-snmp with the patch. Regards Fabrice Le 19-01-22 à 09 h 25, Wiethoff, Helge via PacketFence-users a

Re: [PacketFence-users] DHCP Option 43

Hello Thomas, you can do this kind of configuration but via the pfdhcp api (https://github.com/inverse-inc/packetfence/tree/devel/go/dhcp). Per example you can add this option 43 for a specific network. Also there is a new feature that is not yet merged in PacketFence that will allow you to

Re: [PacketFence-users] 8.3 Inline vs Enforcement ... 802.1x

Hello Enrico, you just have to set the registration vlan (in the switch config, pf side) as the vlan id of the inline one. Regards Fabrice Le 19-01-18 à 12 h 42, Enrico via PacketFence-users a écrit :   Dear all, I'm working again with the PF latest release. I've got a fresh install:

Re: [PacketFence-users] fields in nodes view

Can you explain more, like what fields you want to see. Regards Fabrice Le 19-01-15 à 10 h 03, Matteo De Lazzari via PacketFence-users a écrit : Hi to all. Is there a manner to change the default fields showed in nodes view (not only for the current session)? Thanks, Matteo

Re: [PacketFence-users] active directory authentication to web interface

Hello Matteo, yes of course, you need to define your AD source and add a management rule with access_level set to all. That's it. Regards Fabrice Le 19-01-15 à 10 h 39, Matteo De Lazzari via PacketFence-users a écrit : Hi to all. Is there a manner to use active directory to authenticate

Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration

Hello Will, can you provide the content of packetfece.log. It looks that the user xwill authenticate correctly but there is nothing returned by packetfence. (it use the default connection profile). Do you have an authentication source defined in the default connection profile (like the AD

Re: [PacketFence-users] LDAP Authentication Source Base DN and Scope are not followed.

Health Care | Intern, Support (NES) 4300 Haddonfield Road | Pennsuaken, NJ 08109 O: 856-380-3008 | Ext: 0527-13 | bayada.com -Original Message- From: Durand fabrice Sent: Friday, January 11, 2019 6:49 PM To: Brenek, Benjamin ; packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence

Re: [PacketFence-users] Inline Routed Network - Traffic Dropped by IPtables

Hello Ross, you are true, by default packetfence use the management interface to route the traffic (in fact it enable masquerade on the mgmt interface and use the system route). First you need to add p2p2.1926 and p2p2.1927 as interfaceSNAT

Re: [PacketFence-users] PacketFence-ZEN System Swap 98.4%

ments, and any backup or archive copies. Thank you. From: Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> Sent: Monday, January 7, 2019 6:13 PM To: mailto:packetfence-users@lists.sourceforge.net Cc: Durand fabrice <mailto:fdur...@inverse.ca> Sub

Re: [PacketFence-users] Web Auth Enforcement with 802.1x works but 802.1x does not

yes with 8.3 Le 19-01-09 à 22 h 18, Dang Van Chuyen via PacketFence-users a écrit : OK... I input usern...@domain.com and it works. Can we set Packetfence to use both format username and email? Thanks ___

Re: [PacketFence-users] LDAP Authentication Source Base DN and Scope are not followed.

ike PacketFence is doing something even though it shouldn't. Thank you, Benjamin Brenek BAYADA Home Health Care | Intern, Support (NES) 4300 Haddonfield Road | Pennsuaken, NJ 08109 O: 856-380-3008 | Ext: 0527-13 | bayada.com -Original Message- From: Durand fabrice via PacketFence-us

Re: [PacketFence-users] LDAP Authentication Source Base DN and Scope are not followed.

Hello Benjamin, what you can do is to capture the ldap traffic between PacketFence and the ldap source and see with wireshark if the scope/base dn is what you set in the authentication source. In the code it does a search for the dn of the user and try to bind with this dn. So if the user

Re: [PacketFence-users] PacketFence-ZEN System Swap 98.4%

Hello Jonathan, you can try the following to find the process who use the swap: for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less And can you paste the top result command ? Regards Fabrice Le 19-01-07 à 20 h 38,

Re: [PacketFence-users] packetfence-radiusd-cli.service stopped 0

Hello Rogerio, packetfence-radiusd-cli.service is when you want to enable cli switch access (like ssh), so to enable it you need to configure it in the admin gui. Regards Fabrice Le 19-01-07 à 13 h 45, Roger Faria via PacketFence-users a écrit : Hi Everyone, I installing a new instance

Re: [PacketFence-users] RADIUS performance

interfaces configured in Hyper-V, they should all behave the same. On the virtual part I think they're 10Gb, physically, they're all 1Gb. Regards, Murilo Em qui, 3 de jan de 2019 21:41, Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> escreveu:

Re: [PacketFence-users] Web Authentication using Packetfence and WLC

Hello Kalcho, does packetfence receive a radius request from the controller ? If yes can you paste a radius request/reply ? (check in radius audit log for that) Regards Fabrice Le 19-01-03 à 10 h 09, Kalcho via PacketFence-users a écrit : Hello all, I have configured Web Authentication

Re: [PacketFence-users] 802.1X TTLS PAP ... does it works ?

d "journalctl -xe" for details. packetfence-radiusd-auth.service stopped   0 Do you have an example to post ? Thanks a lot ! Very Best Regards Enrico Il 21/12/2018 02:29, Durand fabrice via PacketFence-users ha scritto: Hello Enrico, what i would do is the following: edit /usr/lo

Re: [PacketFence-users] 802.1X TTLS PAP ... does it works ?

Hello Enrico, what i would do is the following: edit /usr/local/pf/raddb/mods-available/ldap and add that: ldap ldap_user {     server = "MyLDAP"     identity = "CN=readuser,CN=Users,DC=acme,DC=com"     password = password     basedn = "DC=acme,DC=com"     filter =

Re: [PacketFence-users] add a new switch type

Hello Matteo, post the swicth module you did and i will make the change. Regards Fabrice Le 18-12-17 à 06 h 23, Matteo De Lazzari via PacketFence-users a écrit : Hi to all, I have to use packetfence with some juniper EX3300 switches. Unfortunately neither JUNIPER EX 2200 Series nor

Re: [PacketFence-users] Captive Portal authorization Ruckus Interface logging

Hello Eric, as i remember with Ruckus web auth you need to have the management ip be able to reach the device. Let's say when you want to go on www.cnn.com the ruckus reply to the syn of the client with the source ip 151.101.209.67 (cnn) and create a 302 to redirect the device. What you

Re: [PacketFence-users] DOT1X MAC authentication

Hello Carlos, you can insert in the database the mac addresses and reg them and assign a role. Regards Fabrice Le 18-12-12 à 15 h 48, Carlos Wetli via PacketFence-users a écrit : Hello, I am trying to understand if there is a possible way within PF to check, in case of a client has no

Re: [PacketFence-users] SSL Certificate for portal

Hello Eric, for the portal you need to generate a server.pem file (haproxy use it). It contain the certificate + the intermediate and the private key. Regards Fabrice Le 18-12-12 à 16 h 44, Eric Rolleman via PacketFence-users a écrit : Where do I change the SSL certificate for the portal?

Re: [PacketFence-users] Post 8.2 upgrade IP address concerns

Hello Thomas, it looks to be an issue with the pfdhcplistener or maybe the numbers of items in the pfqueue. Can you check the pfdhcplistener.log file and the number of items in the queue ? Regards Fabrice Le 18-12-10 à 15 h 44, Thomas, Gregory A via PacketFence-users a écrit : After

Re: [PacketFence-users] help

portal available? Em qui, 6 de dez de 2018 às 22:31, Durand fabrice via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> escreveu: Hello Cousin, the error message is not related to your issue. do you have more log from packetfence.log file

Re: [PacketFence-users] VLAN Assignment for MAB clients

Hello Anton, as i can see both are doing 802.1x (Ethernet-EAP) but i suspect that the phone is doing eap-md5 and not pap. Can you try to add that in the switch interface config: default mab pap Also i did some change with a client to have a better support with VoIP on the Dell switches

Re: [PacketFence-users] help

Hello Cousin, the error message is not related to your issue. do you have more log from packetfence.log file and from httpd.portal.access when you connect your device to the ssid ? Thanks Fabrice Le 18-12-06 à 11 h 20, Caique Araujo via PacketFence-users a écrit : Brother, I am

Re: [PacketFence-users] VLAN Assignment for MAB clients

Hello Anton, can you share the packetfence.log file, the answer will be in. Regards Fabrice Le 18-12-06 à 15 h 03, Anton Castelli via PacketFence-users a écrit : I'm pretty new to Packetfence. I have a demo server set up and working. It authenticates 802.1x clients against our Active

Re: [PacketFence-users] MD5 error

Hello Amjad, can you paste the raddebug output, it will help to understand what happen. Regards Fabrice Le 18-11-22 à 06 h 01, Amjad Ali via PacketFence-users a écrit : Hi All, Just want to know that WIRED 802.1X and WIRED MAC AUTH authentication works well with PEAP but is giving error

Re: [PacketFence-users] SAML error.. please help

Hello Enrico, try to run /usr/local/pf/addons/pf-maint.pl and restart packetfence. Regards Fabrice Le 18-11-22 à 04 h 43, Enrico Becchetti Gmail via PacketFence-users a écrit : Dear All, I'm a newbie in PF but I'd like to use it to WiFi networks with inline mode and SAML authentication.

Re: [PacketFence-users] Installation issue

Hello Sébastien, PacketFence is not anymore supported on ubuntu. Use centos 7 or debian 8. Regards Fabrice Le 18-11-21 à 10 h 37, Sébastien LUONG via PacketFence-users a écrit : Hello, I try to install PacketFence on Ubuntu Precise 12.04.5. LTS server. I have install on my VM :

<    1   2   3   4   5   6   7   8   9   10   >