to look into the log
file.
Yes, we have AD configured as an authentication source. I
added it to the source in the connection profile and will
test it in the morning and report back.
Best,
Nadim
On Mon, Feb 10, 2020 at 8:31 PM Durand fabric
nection profile and will test it in
the morning and report back.
Best,
Nadim
On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice
mailto:fdur...@inverse.ca>> wrote:
Hello Nadim,
here what happen:
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
El-Khoury a écrit :
Hi Fabrice,
Please find attached the packetfence.log file.
The username is nel-kho...@springfieldcollege.edu
<mailto:nel-kho...@springfieldcollege.edu>
Best,
Nadim
On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via PacketFence-users
<mailto:packetfence-users@lists.so
Hello Nadim
Le 20-02-05 à 02 h 19, Nadim El-Khoury via PacketFence-users a écrit :
Hi Everyone,
It does not look like that PF 9.3.0 is able to assign the right
connection profile once a user is authenticated.
Question 1) Why is the right connection profile not being picked up
based on the
Hello Daniele,
can you share your cluster.conf and pf.conf ?
The setup is exactly the same as
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Clustering_Guide.asciidoc
except that you define inline interface instead of internal.
Regards
Fabrice
Le 20-02-07 à 09 h
Hello Andrew,
for standalone AP i am not sure that you can do web auth.
So you can do an inline setup.
Regards
Fabrice
Le 20-01-05 à 09 h 41, Andrew Mwakudua via PacketFence-users a écrit :
HI;
New here. Kindly I would Like to request for assistance in setting up
a guest network on
Hello Christian,
can you try to see if the following command return the mgmt interface ?
ip route get 10.0.1.101
Also can you check if ip_forwarding is enabled on the packetfence server ?
Regards
Fabrice
Le 20-01-05 à 06 h 05, Christian Hillebrand via PacketFence-users a écrit :
Hi,
I am
Hello Steve,
just stop DNSMasq.
Regards
Fabrice
Le 20-01-03 à 23 h 22, Steve Stone via PacketFence-users a écrit :
New to packetfence. Installing it on Centos 7 and follow all
suggestion in guide but when I get to start packetfence PFDNS will
not start. I check pfdns.log and it
Hello Enrico,
Session-Context-Not-Found mean that the device is not connected on the ssid.
When you delete the client, is it on the WLC ?
Regards
Fabrice
Le 20-01-02 à 03 h 48, Enrico Pasqualotto via PacketFence-users a écrit :
Dear all, some month ago I got an issue with a compatibility
Probably here:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/WLC.pm#L399
Le 19-12-28 à 09 h 42, Ryan Radschlag via PacketFence-users a écrit :
We're trying to test the useability of DPSK. Our WLC does support
generating keys via command line. I have added the
Hello Ryan,
it's coming from the locationlog table in the db.
Btw there is a bug in the admin gui and it looks that you can't add a
ssid that doesn't already exist. (edit profiles.conf if you want to add
it manually)
It will be fixed next week.
Regards
Fabrice
Le 19-12-27 à 11 h 37,
Hello Ryan,
it looks that you enabled autoregister on the connection profile.
Disable it and retry.
Regards
Fabrice
Le 19-12-25 à 10 h 08, Ryan Radschlag via PacketFence-users a écrit :
We're trying to get down to having one open ssid, having people be
dumped into the registration vlan by
Hello Pasquale,
you can do that:
htpasswd -c /usr/local/pf/conf/admin.conf bob
Then log with the bob username and password you defined.
Regards
Fabrice
Le 19-12-20 à 06 h 38, Pasquale Lo Bello via PacketFence-users a écrit :
Hello
i installed pf in a cluster environment using thee
Hello Dmitry,
run /usr/local/pf/addons/pf-maint.pl and restart pfmon
Regards
Fabrice
Le 19-12-25 à 05 h 42, Dmitry A. Avtonomov via PacketFence-users a écrit :
Hello
after conversion 3 standalone servers to cluster, pfmon don't act as
expected.
it don't unregister nodes. all registred
Hello Ali,
can you share with me the switch module you created ?
Also do you have this function:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L631
and do you have that support:
Hello Williams,
if you have a scan configured on the connection profile that match then
packetfence is suppose to do the lookup.
Can you provide the log when the device connect ? (tail -f
packetfence.log | grep @mac)
Regards
Fabrice
Le 19-11-21 à 18 h 00, Zacharry Williams via
Hello Christian,
what you can do is to follow that:
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Installation_Guide.asciidoc#advanced-access-configuration
as you can see in the example you can make a difference between the
domain-joined device and the byod.
So the
-users a écrit :
thank you Fabrice for the information.
I will meet our DB engineer today in order to configure the
arbitrator. Which services should be restarted from PF point of view
in order to have the settiings active ?
Regards,
Carlos
Am Mi., 30. Okt. 2019 um 01:40 Uhr schrieb Durand fabrice
19-11-21 à 06 h 57, Carlos Wetli via PacketFence-users a écrit :
Hello Fabrice,
Thank you for your reply.
Is that still the case with PF 9.1 or will that be solved ?
Regards,
carlos
Am Mi., 30. Okt. 2019 um 01:52 Uhr schrieb Durand fabrice via
PacketFence-users <mailto:packetfence-us
). And I'm not sure about the caracterictics of
these AP.
Fabrice
Le 19/11/2019 à 14:43, Durand fabrice via PacketFence-users a écrit :
Hello Fabrice,
do you have a controller to manage the AP ?
Regards
Fabrice
Le 19-11-19 à 05 h 55, Monnier Fabrice via PacketFence-users a écrit :
Hello,
I
Le 19-10-21 à 06 h 38, Raik Richter via PacketFence-users a écrit :
Hi !
Am using Packet Fence now for a while for both Wireless and Wired
Authentication and works very well !
Now recently I started applying time and bandwidth limits to users
(nodes) of specific roles.
I was looking for
Hi,
a quick hack should be to modify this line to add you garbd ip address here:
https://github.com/inverse-inc/packetfence/blob/devel/conf/mariadb/mariadb.conf.tt.example#L157
Regards
Fabrice
Le 19-10-29 à 03 h 34, Carlos Wetli via PacketFence-users a écrit :
Hi Christian,
Did you manage
all the cluster hosts, and now the new VLAN is
available for dynamic assignment. Thank you for your quick response!
The information in this mailing list has helped me greatly during my
build and testing of our deployment.
Best,
Mark
On Mon, Oct 14, 2019 at 3:38 PM Durand fabrice via PacketFence-us
/mods-available" and
"mods-enabled", but I don't know if these are the correct folders.
Thank you so much for your help!
On Mon, Oct 14, 2019 at 3:23 PM Durand fabrice wrote:
Hello Jordan,
The logic needs to be added in Freeradius, since freeradius does the
802.1x.
In fact
was create a new password field in "Authentication.pm" but
it continues to prompt for the normal password field when validating
the form. If someone knows an easy way to achieve that, i thank you in
advance,
Regards,
On Sat, 12 Oct 2019 at 03:00, Durand fabrice via PacketF
Hello Mark,
all you did looks good.
Can you try:
pfcmd pfconfig clear_backend
pfcmd configreload hard
and do:
pfcmd checkup
and see if you still have the error.
Regards
Fabrice
Le 19-10-14 à 17 h 12, Mark Okuno via PacketFence-users a écrit :
Hello folks,
We currently have a
accounts, and it stops
when NTLM auth fails instead of moving on to the next source.
On Sun, Oct 13, 2019 at 4:57 AM Durand fabrice wrote:
Hello Jordan,
yes you can do that on the captive portal.
You just need to create a connection profile with a rule that match per
example the ssid and assign
Hello Hans,
can you provide the logs for the mac addresse you are testing with ?
Like "cat packetfence.log|grep 00:11:22:33:44:55"
Regards
Fabrice
Le 19-10-13 à 16 h 17, Hans Johnson via PacketFence-users a écrit :
Hi everyone,
After years of running PF 6.5.1, I've finally found the time
is, Is there a place through the GUI to add CA certs
to PF or we do it manually by SCP to somewhere around here?
/usr/local/pf/conf/ssl/tls_certs/
@Durand fabrice <mailto:fdur...@inverse.ca> can you point to the right
place? I'd like to auth wired 802.1x machines with certificates
Hello Martin,
yes it's possible, you just need to add a Time Balance in the
authentication rule of you email source.
So let's say, you have an access duration to 1 day and a time balance of
2 hours then it mean that you are allowed to use 2 hours in a period of
one day.
And don't forget
Hello,
can you execute "ip a" on the linux box and paste the result ?
Regards
Fabrice
Le 19-10-11 à 22 h 21, 孙 国涛 via PacketFence-users a écrit :
I just started building the server. So I set interface like this
My server have a interface ens34 . it connected my switch G1/0/47
I have 3
it check the student source first, then if it
fails go to AD? or something like that? G Suite doesn't normally do
802.1x, but they have an LDAP server you can authenticate against
which is what I'm trying to do.
Thanks!
On Fri, Oct 11, 2019 at 5:45 PM Durand fabrice via PacketFence-users
wrote
Hello André,
can you do that:
curl http://127.0.0.1:2/api/v1/dhcp/stats/eth2 | python -m json.tool
and paste the result ?
Regards
Fabrice
Le 19-10-01 à 11 h 23, André Scrivener via PacketFence-users a écrit :
Hi guys, I hope you are fine.
I have created a captive portal for network
Just a detail, you can't use it for freeradius but for https it's ok.
Le 19-10-11 à 05 h 23, mj via PacketFence-users a écrit :
On 10/10/19 5:24 PM, pro fence via PacketFence-users wrote:
hi,
does anybody know if it is possible to use a wildcard certificate
(*.mydomain.com
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Clustering_Guide.asciidoc#adding-files-to-the-synchronization
Le 19-10-10 à 04 h 33, pro fence via PacketFence-users a écrit :
Hi,
in a cluster, is it possible to include the translation files
(packetfence.po and
Hello Justin,
can you run :
netstat -nlp| grep 1812
and check if the radius server is listening on the ip you want ?
Regards
Fabrice
Le 19-10-09 à 17 h 27, Justin Hartman via PacketFence-users a écrit :
Hello, I am hoping someone can help me with what I think is a simple
problem but I
Le 19-10-08 à 21 h 14, Javier Pobeda via PacketFence-users a écrit :
Hi folks,
I'm struggling to understand basic design stuff.
I want to run my PF server to authenticate remote users (wired 802.1x)
and also provide AAA to access network gear assigning role privilege
levels, etc.
Remote
Hello Guy,
Le 19-10-09 à 11 h 29, Guy BLAVIN via PacketFence-users a écrit :
Hello all,
On a 8.3.0 packetfence cluster of three nodes on debian 8.11 I have a
lot of logs about Fingerbank but I don't use it, there is no API key and
I read that it means it should be disabled.
On the web
Hello pro,
you can use a null authentication source for that.
Regards
Fabrice
Le 19-10-08 à 05 h 36, pro fence via PacketFence-users a écrit :
may i add that removing it from
html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication/Password.pm
doesn't work.
Hello Martin,
can you post the packetfence.log lines when it happen ? (registration
process)
Regards
Fabrice
Le 19-10-07 à 21 h 11, Martin Rodriguez via PacketFence-users a écrit :
Hi! I would like to understand why I get a Disconnect Request from PF
after few senconds the user connect
Hello Jason,
is it possible to have the raddebug of the request ?
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000
Regards
Fabrice
Le 19-10-04 à 14 h 21, Jason Tally via PacketFence-users a écrit :
Hi,
I'm attempting to setup the FortiGate + 802.1x scenario but I'm
running into
Hello,
in fact what you need is 2 authentications sources, one for user with
authentication rules and the other one for machine without any rules.
So the user source will assign the role and the machine source will just
validate the account.
The only issue i can see is when you do machine
Hello Jordan,
the error message is related to ntlm, so it mean that it try to
authenticate the student account on the AD.
When it fail in freeradius then the radius request doesn't reach the
packetfence code to test the authentication sources with the rules.
So you need to find a way to
Hi,
the rotation date is store in the db, so you need at leat to reach this
date in order to use the new rotation duration.
Also you can change it in the db.
Regards
Fabrice
Le 19-10-03 à 09 h 40, pro fence via PacketFence-users a écrit :
Hi,
i maintain my first message, when changing
Hello Alain,
is it suppose to be on the inline interface ?
Also is supposed to be available for the registered user ? (the rules in
red DROP if registered)
ACCEPT tcp -- anywhere anywhere tcp
dpt:domain mark match 0x3
ACCEPT udp -- anywhere
Hello Alain,
you can go ahead and restart iptables service, there is no impact.
systemctl restart packetfence-iptables
Regards
Fabrice
Le 19-09-24 à 05 h 35, Alain Defrance via PacketFence-users a écrit :
Hi Martijn
not yet because the server packetfence is in product.. i'm afraid to
:30:07:4d:74:4c:55] controllerIp is set, we will use controller
172.28.5.250 to perform deauth
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
-Original Message-
From: Durand fabrice via PacketFence-users
Sent: Thursday, 5 September 2019 9:43 AM
To: packetfence-users
Your config looks good but there is something i miss.
Can you provide the packetfence.log when you register ?
Le 19-09-04 à 18 h 11, Peter Reissenweber via PacketFence-users a écrit :
Any options here do you need more logs?
-Original Message-
From: Peter Reissenweber via
Hello Peter,
if you do vlan by role then PacketFence will send a Disconnect, if it's
role by switch role then it will be a CoA. (just to explain the logic)
Also "Received invalid reply digest from RADIUS server" sounds me that
the shared secret is invalid.
What you set in the radius tab
Hello Benjamin,
it looks that this is what you need
https://github.com/inverse-inc/packetfence/pull/2034
it's in PacketFence since the version 7.0, can you try to enable
advanced.multihost and retry ?
Regards
Fabrice
Le 19-08-28 à 08 h 25, Shirley, Benjamin via PacketFence-users a écrit
Hello Christian,
technically yes but to make it work with PacketFence you will need to
adapt the file mariadb.conf.tt
Regards
Fabrice
Le 19-08-28 à 11 h 56, Christian McDonald via PacketFence-users a écrit :
Greetings,
Does PacketFence support 2 nodes plus a Galera arbitrator (as opposed
Hello Eric,
i use to test my certificate chain here (paste the cert + the intermediate):
https://tools.keycdn.com/ssl
Just verify if from the cert to the CA the chain is valid then add the
private key at the end.
Regards
Fabrice
Le 19-08-22 à 14 h 32, Eric Rolleman via
to be configured as the radius server
in the WLC ?
Thanks,
Regards,
On Tue, 16 Jul 2019 at 23:16, Durand fabrice via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello,
only the VIP needs to be configured as the radius server.
Regards
Fabrice
Hello Andrew,
it's not yet possible but you can open an issue here:
https://github.com/inverse-inc/packetfence/issues/new/choose
Regards
Fabrice
Le 19-07-16 à 11 h 11, Torry, Andrew via PacketFence-users a écrit :
Hi folks,
Is it possible to change the date format in the v9 GUI so that
Hello Benjamin,
you can lower case the username here:
https://github.com/inverse-inc/packetfence/blob/devel/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication/Login.pm#L125
$username = lc($username);
Regards
Fabrice
Le 19-07-16 à 11 h 03, Brenek,
Hello,
only the VIP needs to be configured as the radius server.
Regards
Fabrice
Le 19-07-16 à 11 h 53, Domingos Varela via PacketFence-users a écrit :
Hello,
Does your wlc have hits in the statistics of communication with radius
servers?
Do you have the IPs of the servers in wlc's ACL?
Hello Valera,
4gb is not enough , you need at least 8gb. (reserve the memory)
I think you are using the swap and it's why you are using the disk.
Regards
Fabrice
Le 19-07-12 à 17 h 11, Domingos Varela a écrit :
Hello Fabrice,
l have a vm, in vmware esxi with 4G ram 100G hdd (default
that how we can connect
switch with Third party radius server?.
Secondly what is Radius Proxy?Is Radius Proxy is a method to integrate
Third party Radius server with PacketFence?.
Regards,
Alina Haider
*From:* Durand fabrice via
and it will be the packetfence's dhcp server that will reply
(it's not managed by your dhcp/dns/...).
Eugene
*From:*Durand fabrice via PacketFence-users
*Sent:* Wednesday, July 03, 2019 5:52 PM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Durand fabrice
*Subject:* Re: [PacketFence-users] Manual
Hello Domingos,
for me it looks to be an issue with the acl you defined in the WLC.
Regards
Fabrice
Le 19-07-04 à 11 h 56, Domingos Varela via PacketFence-users a écrit :
Hi,
I installed the new version PacketFence 9.0.1 and I am having
difficulties because the portal did not open, I am
Hello Alina,
there is no need to change anything in this section to make radius working.
The only thing you need to have is the switch configuration and the
radius shared secret defined.
With that you will be able to send radius access request to packetfence
from the AP/Controller/Switch.
Hello Eugene,
in the realm config assign the correct domain to the null realm and
restart radius.
Regards
Fabrice
Le 19-06-30 à 15 h 16, E.P. via PacketFence-users a écrit :
Guys,
Please point my eyes in the right direction in the attempt to
understand what’s wrong.
Perhaps it has
Hello Eugene,
it's something really easy to do.
First in the switch config assign -1 to the registration role (it will
reject the device that is not reg) and assign the correct vlan id for
the other roles.
Next create a connection profile with a filter that match the ssid and
don't assign
Hello Mike,
you need to run pf-maint.pl , it's a bug that has been fixed.
Regards
Fabrice
Le 19-07-03 à 07 h 02, Mike McGeer via PacketFence-users a écrit :
Hi all.
All I wan't it to use VLAN enforcement without Radius for now.
I am struggling with the following, SNMP traps are populating
Hello Lucas,
you probably need to have an interface of the dhcp server in the inline
network.
Or you can probably install a dhcp relay on the pf box.
Regards
Fabrice
Le 19-06-28 à 09 h 06, Lucas Soares via PacketFence-users a écrit :
Hello guys,
Need help. How can i configure
tt
On Tue, Jun 25, 2019 at 8:17 PM Durand fabrice via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Robert,
what you can do is to use adsiedit.msc on the AD to be able to see
the attributes of a user or a group.
There is 2 wa
Hello Martijn,
so you need to enable the snmptrapd service and also enable the pfsnmp
queue.
Add that in pfqueue.conf:
#
# pfsnmp_parsing queue configuration
#
[queue pfsnmp_parsing]
#
# The weight of queue among shared workers
#
weight=2
#
# The number of dedicated workers for queue
#
Hello Felipe,
can you share the packetfence.loog file when packetfence try to deauth
the device ?
Also you can capture the traffic on packetfence to see if you have an
answer for the coa:
tshark -i eth0 -f "port 3799"
Regards
Fabrice
Le 19-06-25 à 12 h 44, Felipe Rodrigues via
Hello Keith,
yes i tried to raise the buffer in the freeradius code but i created
more issue.
So right now there is no solution for that.
Regards
Fabrice
Le 19-05-31 à 11 h 38, Keith McCormick via PacketFence-users a écrit :
Hello,
I just installed the latest version of Packetfence to
Hello Ivan,
Le 19-06-10 à 15 h 01, Ivan Saliu via PacketFence-users a écrit :
Hi Nicholas and Felipe (hopefully you stuck with us),
So now I’ve understood what I was doing wrong and it was just so
stupid that I can’t even…
Basically I did two things:
-I put the custom port for CoA (1700
Hello Steve,
it looks that it's the firewall sso you are looking for.
Try to configure the checkpoint firewall sso in packetfence, it send
radius accounting packet.
Regards
Fabrice
Le 19-06-10 à 16 h 44, AOL via PacketFence-users a écrit :
Hi,
I’ve been trying to get a PacketFence
On Tue, May 21, 2019 at 9:02 PM Durand fabrice <mailto:fdur...@inverse.ca>> wrote:
So you can just change this line:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/SG300.pm#L91
with that:
return $NAS_port - 48;
My only concert is ab
uth[25948]: (41107) Login
OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)
Looks like it's also sending port 49.
Is there somewhere to make a modification where I can say $Port =
$Port - 48 or something?
On Thu, May 16, 2019 at 9:27 PM Duran
Aruba switch
module and the sessid causing an issue?
Thank you,
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks
785-342-7903
On May 16, 2019, at 8:11 PM, Durand fabrice via PacketFence-users
wrote:
hello Louis,
i fixed the issue with the aruba instant access, just need to run
11:40:14 youi-packetfence-p1 pfqueue: pfqueue(18291) WARN:
[mac:78:7b:8a:d3:ae:74] Unable to match MAC address to IP
'10.100.90.109' (pf::ip4log::ip2mac)
On Tue, May 14, 2019 at 9:18 PM Durand fabrice via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Stuart,
can you paste the log when you plug in the switch port ?
tail -f /usr/local/pf/logs/packetfence.log| grep 00:11:22:33:44:55
with the real mac address of course.
Regards
Fabrice
Le 19-05-14 à 10 h 43, Stuart Gendron via PacketFence-users a écrit :
Hey there,
Was wondering
Hello Matt,
to be able to have this information PacketFence needs to receive the
dhcp traffic of the device.
It can be done in the registration network (since packetfence is the
dhcp), via a ip helper-address config on the vlan interface, or use
dhcp-forwarder (cf doc).
Regards
Fabrice
, Durand fabrice via PacketFence-users
wrote:
In the realm configuration in packetfence you can choose to strip on the
portal/radius/admin, also you can add "strip" in the freeradius option and it
will add the configuration in freeradius.
Regards
Fabrice
Le 19-05-09 à 10 h
In the realm configuration in packetfence you can choose to strip on the
portal/radius/admin, also you can add "strip" in the freeradius option
and it will add the configuration in freeradius.
Regards
Fabrice
Le 19-05-09 à 10 h 16, Louis Scaringella via PacketFence-users a écrit :
Where is
yes
Le 19-05-09 à 10 h 23, Louis Scaringella via PacketFence-users a écrit :
I’m embarrassed to say at my age, i’ve never used a mailing list so trying to
understand how it works. Will this message show up on Sourceforge?
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
for no
reason (disabled). I will post it has soon has I resolve this problem.
Btw, the VLAN issue is not due to this violation.
Regards,
Adrian
*De: *"packetfence-users"
*À: *"packetfence-users"
*
understand very well, PF proxy doesn't show what is in the
inner tunnel
so I changed the config of my radius backend , to check and allow
login only if the identity
is the same as the username held in the inner tunnel.
Thanks again.
Best regards.
Enrico
Il 09/05/19 00:42, Durand fabrice via
Hello Stuart,
is it a cluster setup ?
Also what you can try to do is to set the server to 127.0.0.1 instead of
localhost.
https://github.com/inverse-inc/packetfence/blob/devel/conf/pfconfig.conf.example#L5
https://github.com/inverse-inc/packetfence/blob/devel/conf/pf.conf.defaults#L263
Hello Enrico,
as i understand your setup it looks that you proxy the request to
another server (based on the realm pg.infn.it) but since you proxy the
request packetfence doesn't have access to the inner tunnel.
So the only solution is to authenticate the radius request directly on
14, David Magda a écrit :
On Tue, May 7, 2019 22:29, Durand fabrice via PacketFence-users wrote:
Hello David,
for that you can use the radius filter to add on the fly the additional
attribute.
[mac]
filter = mac
operator = is
value = 00:11:22:33:44:55
[1:mac]
scope = returnRadiusAccessAcc
Hello David,
for that you can use the radius filter to add on the fly the additional
attribute.
[mac]
filter = mac
operator = is
value = 00:11:22:33:44:55
[1:mac]
scope = returnRadiusAccessAccept
merge_answer = yes
answer1 = Egress-VLANID => 22
If the mac is 00:11:22:33:44:55 then add
Hello David,
a radius request without Calling-Station-Id attribute mean for
packetfence that it's a cli access (ssh on the switch per example), so
the attribute is mandatory.
On the other side you can create a local account nagios with the correct
password and assign it an administration
to the registration VLAN.
Adrian.
*De: *"packetfence-users"
*À: *"packetfence-users"
*Cc: *"Durand fabrice"
*Envoyé: *Vendredi 3 Mai 2019 03:34:35
*Objet: *Re: [PacketFence-users] Avaya ERS 3500 Vlan
It looks to be a switch issue.
When the device disconnect there is no radius request so no vlan returned.
Did you check if it's not from the ADAC config ?
Regards
Fabrice
Le 19-04-30 à 04 h 06, Adrian Dessaigne via PacketFence-users a écrit :
Hello Nicolas,
Here is the RADIUS Request and
Hello,
i noticed that you probably run a cluster, can you paste the
cluster.conf file ?
Also can you run that: pfcmd pfconfig show interfaces::portal_ints
and paste the output ?
Thanks
Fabrice
Le 19-04-30 à 09 h 41, pro fence via PacketFence-users a écrit :
don't mind the " backend has
Hello Patti,
Debian 9 support will come with PacketFence 9.
Regards
Fabrice
Le 19-04-30 à 17 h 59, Patti Robinson via PacketFence-users a écrit :
I have tried to install packetfence on debian 9.9 stretch. I get to
install packetfence and it says, "Unable to locate package
packetfence".
Hello Patti,
so the windows server 2012 is the AD and you have virtualbox running on
it with packetfence ?
It sounds to me an issue on the network between the 2012 server and the
vm , so check virtualbox network config.
Regards
Fabrice
Le 19-04-25 à 10 h 48, Patti Robinson via
Hello Barry,
Le 19-04-25 à 17 h 15, Barry Quiel via PacketFence-users a écrit :
Unfortunately I can't. Our base OS build includes packages from
epel. And the patch policy requires that repo be enabled for
automatic updates.
I forced the netdata version in the packaging for the next
Hello Olivier,
can you share your networks.conf pf.conf and do an "ip a" and paste the
result.
If the dhcp server is not able to assign the requested address then it
mean that it's a configuration issue.
Regards
Fabrice
Le 19-04-10 à 03 h 27, Olivier Gelin via PacketFence-users a écrit
Hello Stuart,
WIRED_MAC_AUTH is deprecated now.
https://github.com/inverse-inc/packetfence/blob/devel/UPGRADE.asciidoc#update-connection_type-from-wired_mac_auth-to-ethernet-noeap
Regards
Fabrice
Le 19-04-09 à 16 h 57, Stuart Gendron via PacketFence-users a écrit :
Hey all,
One issue
!
Do you want the MIB Files or is it enought to program the module ?
Best regards
Adrian
*De: *"packetfence-users"
*À: *"packetfence-users"
*Cc: *"Durand fabrice"
*Envoyé: *Lundi 1 A
Hello Kalcho,
you can use directly your Microsoft pki with packetfence
https://github.com/inverse-inc/packetfence/blob/devel/docs/pki/microsoft.asciidoc
Regards
Fabrice
Le 19-04-03 à 18 h 25, Kalcho via PacketFence-users a écrit :
Hi all,
I already have 2-tier Microsoft PKI
is enabled on management interface.
I am doing web auth with a Cisco 5508 controller
Need any other details ?
On Mon, Apr 1, 2019 at 8:52 PM Durand fabrice <mailto:fdur...@inverse.ca>> wrote:
Hello Andrew,
sorry but i don't understand your setup.
So you have only one m
just
disconnects and reconnects and goes right back to the portal again.
Not sure where else to look to make it work. Any log file that would
tell me anything ?
Or do I need a registration interface to make this work?
On Sun, Mar 31, 2019 at 8:36 PM Durand fabrice via PacketFence-users
Hello Adrian,
first try with the generic swiitch module to see if you are able to set
a vlan on a radius reply.
Then configure the snmp on the switch and choose snmp as deauth method
and try to reevaluate the access of the device (from node tab).
If the vlan change then the generic switch
101 - 200 of 1001 matches
Mail list logo