Re: [PacketFence-users] Connection Profile and SSID Filter

Is the information in the request sufficient for this to be fixed? I can provide anything else you may need on the Aruba side to help. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 1:12 PM, Louis Scaringella via PacketFence-users >

Re: [PacketFence-users] Guest Sponsorship

I got it working!! You were absolutely right about the username. The problem that I discovered from looking at the log in details, was that was matching my other Active Directory Authentication Source which didn’t have the “mark as sponsor” setting configured. It was matching the first one in

Re: [PacketFence-users] Packetfence set role by mac not user...

I tried with sAMA before this, but will try this again. sAMA should match tho ? “searchattributes=uid,distinguishedName,memberOf,sAMAccountName” Edit: Tested still no role using no stripping. BR, Anton. Från: Ludovic Zammit Skickat: den 29 september 2020 18:54 Till: Fetakungen Virtual

Re: [PacketFence-users] Connection Profile and SSID Filter

Here it is. It appears it isn’t able to extract the SSID from the Aruba Controller. This is ArubaOS 8.6 running on the controller. Any ideas to workaround this? It even says to let you all know so you can add support for it. I appreciate all you do to keep this product awesome! Oct 7 13:08:35

Re: [PacketFence-users] Connection Profile and SSID Filter

Here is the request: RADIUS Request User-Name = "00-24-d6-5b-30-bc" User-Password = "**" NAS-IP-Address = 198.18.255.64 NAS-Port = 0 Service-Type = Call-Check Called-Station-Id = "20:4c:03:58:99:8a" Calling-Station-Id = "00:24:d6:5b:30:bc" NAS-Port-Type = Wireless-802.11 Event-Timestamp =

Re: [PacketFence-users] Connection Profile and SSID Filter

Check in the radius audit log for the radius request and check if one of the attribute contain the SSID. If the SSID is defined in one of the attribute then we will be able to fix it , if no then check on the aruba side if there a way to push it. (it's by default) Le 20-10-07 à 14 h 12,

Re: [PacketFence-users] Guest Sponsorship

I’ll try and capture that shortly. Just as a comparison, whenever I use a PacketFence local user that I create to login as the sponsor, and that i’ve manually marked as a sponsor, things work fine so it must be the AD authentication and marking as sponsor of that account that is the problem

Re: [PacketFence-users] Guest Sponsorship

Try to capture the ldap traffic to see what is returned. Le 20-10-07 à 13 h 24, Louis Scaringella a écrit : Thank you. I am using that name and just verified that is how it shows in AD exactly. Whenever I log in with that user, PacketFence says that user doesn’t have access to sponsor the

Re: [PacketFence-users] Guest Sponsorship

Thank you. I am using that name and just verified that is how it shows in AD exactly. Whenever I log in with that user, PacketFence says that user doesn’t have access to sponsor the user. It seems to fail to recognize this user as a sponsor. In my AD auth source, there is an admin rule set to

Re: [PacketFence-users] Guest Sponsorship

The sAMAccountName. Le 20-10-07 à 13 h 17, Louis Scaringella a écrit : Ok, I have exactly that in my AD auth source now. When I login as a sponsor, what should I be using? My AD account name or email address associated with that account and sponsorship? Louis Scaringella Security Systems

Re: [PacketFence-users] Guest Sponsorship

Ok, I have exactly that in my AD auth source now. When I login as a sponsor, what should I be using? My AD account name or email address associated with that account and sponsorship? Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 12:14

Re: [PacketFence-users] Guest Sponsorship

You are not suppose to do that. whit that in the AD source: email_attribute=mail usernameattribute=sAMAccountName you should be ok. Le 20-10-07 à 13 h 11, Louis Scaringella a écrit : In the AD auth source, I added “email” as a search attribute for the username. Maybe that is what you were

Re: [PacketFence-users] Guest Sponsorship

In the AD auth source, I added “email” as a search attribute for the username. Maybe that is what you were explaining and I wasn’t quite understanding initially? Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 12:04 PM, Fabrice Durand

Re: [PacketFence-users] Guest Sponsorship

I am logging in as the sponsor using the AD sAMAAccount name in this case. However, I think the problem is that when the guest has to put in a sponsor, it must be an email address so I think there is discrepancy there with that. It is expecting me to login with that email address I suspect. Do

Re: [PacketFence-users] Guest Sponsorship

It does authenticate me when I log in as the sponsor user, it just doesn’t recognize that the user is a sponsor. How would it know that the user exists and is set as a sponsor in PacketFence without that user created? Without the user manually created, it does use AD to authenticate the sponsor

Re: [PacketFence-users] Guest Sponsorship

Ok, I have found a level of success with this! Not perfect, but down the right path at least. So, using my AD source for guest registration email, it sends the email, I click the link, and then login with a user I created manually in PacketFence. I went into the actions and “marked as sponsor”

Re: [PacketFence-users] Guest Sponsorship

Le 20-10-07 à 12 h 56, Louis Scaringella a écrit : I am logging in as the sponsor using the AD sAMAAccount name in this case. However, I think the problem is that when the guest has to put in a sponsor, it must be an email address so I think there is discrepancy there with that. It is

Re: [PacketFence-users] Guest Sponsorship

What i think it's probably because of the username attribute in the AD authentication source. When you set a sponsor in the portal then packetfence try to find the email address in the AD and check if the user account is a sponsor. When you click on the link then the portal ask you to

[PacketFence-users] ANN: PacketFence v10.2

The Inverse team is pleased to announce the immediate availability of PacketFence v10.2. This is a major release with new features, enhancements and bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. What is

Re: [PacketFence-users] Connection Profile and SSID Filter

What i am looking for is the line in packetfence.log that start with "handling radius autz request" Le 20-10-07 à 12 h 02, Louis Scaringella a écrit : Hello, When I add the SSID filter to the connection profile, this is the log I see: Oct 7 10:59:54 localhost packetfence_httpd.portal:

Re: [PacketFence-users] Guest Sponsorship

I tried the same thing, but using Active Directory source this time as a sponsor. It’s the same error, when a guest is signing up, they can put the sponsor from AD in and it does send the email to the sponsor. But when sponsor clicks the link and signs in with AD credentials, it says that the

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello, When I add the SSID filter to the connection profile, this is the log I see: Oct 7 10:59:54 localhost packetfence_httpd.portal: httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) If the SSID filter is removed, it

Re: [PacketFence-users] 10.1.0 Zen - Some services stopped causing network connectivity issues

Fabrice, I'm a bonehead and the issue was network/routing related. Thanks for the quick response and getting me going in the right direction. On Wed, 07 Oct 2020 10:25:17 -0500 Fabrice Durand via PacketFence-users wrote Hello, you will probably needs to fix the network issue

Re: [PacketFence-users] Guest Sponsorship

Of course, thank you for your help! Here is the logs from the entire process of the guest choosing sponsor email and then the sponsor clicking the link and trying to authenticate. I’m using a user in /usr/local/pf/conf/admin.conf that I created as a htpasswd file instead of Active Directory.

Re: [PacketFence-users] 10.1.0 Zen - Some services stopped causing network connectivity issues

Hello, you will probably needs to fix the network issue first. Check to see if the interface eth0 is in the correct network. Also try tcpdump -i eth0 to see if you see traffic from the management network. Regards Fabrice Le 20-10-07 à 09 h 15, rsm1080 via PacketFence-users a écrit :

Re: [PacketFence-users] Switch Not Managed

Hello Roger, Disable the radius accounting services under the services section. PFacct and radius accounting are both enabled and you can only have one. Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

It worked. Fabrice Thanks alot! Really thank you Op wo 7 okt. 2020 om 15:30 schreef Fabrice Durand : > Ok so it looks that you iptables config is not able to load. > > It's probably related to NETFLOW kernel module. > > You have 2 choices, the first one: > > edit

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Ok so it looks that you iptables config is not able to load. It's probably related to NETFLOW kernel module. You have 2 choices, the first one: edit /usr/local/pf/conf/iptables.conf and remove the line "-I FORWARD -j NETFLOW" or do a yum update , if there is a new kernel then reboot the

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Hello Fabrice of course. Anything that helps. The output of the iptables -L -n -v command you'll find below: Chain INPUT (policy ACCEPT 1891K packets, 332M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 13 packets, 1053 bytes) pkts

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello Louis, can you provide the packetfence.log when you authenticate and hit the portal ? Regards Fabrice Le 20-10-06 à 17 h 30, Louis Scaringella via PacketFence-users a écrit : Still no luck with this. Can someone verify that my profile config looks alright? It seems very

[PacketFence-users] 10.1.0 Zen - Some services stopped causing network connectivity issues

Hello, I'm testing the 10.1.0 Zen server and lost connectivity to the server. I believe the issue happened after a reboot I initiated and then walked away for a few days but I'm not certain. I can no longer SSH to the server and can't ping the default gateway from the management interface.

Re: [PacketFence-users] Guest Sponsorship

Hello Louis, you will need to check in the packetfence.log what authentication source is used when you log on the portal (to validate the access). Regards Fabrice Le 20-10-06 à 21 h 47, Louis Scaringella via PacketFence-users a écrit : I made some progress with this. I can now progress

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Hello Geert, can you provide the file /usr/local/pf/var/conf/iptables.conf and the output of iptables -L -n -v Regards Fabrice Le 20-10-07 à 08 h 11, Geert Heremans via PacketFence-users a écrit : Thank you Maile and others Really appreciate it. Putting the management network on the

Re: [PacketFence-users] Authentication Failed.

Hello Maile, That’s your error there, fix it and fix your error. Authentication.conf [TCCAD] cache_match=0 read_timeout=10 realms=default basedn=CN=Administrator,CN=Users,DC=tcc,DC=to monitor=1 shuffle=0 searchattributes= set_access_durations_action= scope=sub email_attribute=mail

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Thank you Maile and others Really appreciate it. Putting the management network on the same as the DC din't work. Would it help if I joined the server using the net ads command end bypass the Join Domain function in PF? Best regards Geert Op wo 7 okt. 2020 om 10:32 schreef Maile Halatuituia <

Re: [PacketFence-users] Cisco SMB SG300 issue

Hello, What are trying to authenticate on the Cisco Sg300 ? Which type of authentication ? Mac authentication ? 802.1x ? Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca Inverse inc. :: Leaders behind

Re: [PacketFence-users] Switch Not Managed

Hello Roger, Share your conf/switches.conf and remove your password for the radius shared secret. Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Hi Geert I did have the same issue as yours but mine got fixed when I put my management interface on the same network where my Doman Controller is. To be more clearer, my Domain IP is 10.0.1.x/24 and my PF Management Interface is 10.0.1.y/24. After I made that changed , everything works just

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Have you tried joining using the full domain name, that is, with the .be part? On Wed, Oct 7, 2020, 8:17 AM Geert Heremans via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello everyone > > I'm trying to get my PF10 server to join my domain. The PF hostname is > hades

Re: [PacketFence-users] Switch Not Managed

https://github.com/inverse-inc/packetfence/issues/3960 Are you using IP in this case then? Thank you, Louis Scaringella Security Systems Engineer Yellow Dog Networks 785-342-7903 On Oct 7, 2020, at 12:22 AM, Louis Scaringella wrote:  Hello, Not sure offhand about your issue but I ran into

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

FWIW I had this problem when I tried to specify an OU besides the default. Even if I pre-created the Packetfence object as specified, it still didn't work. I had to keep the OU default. Thanks. From: Geert Heremans via PacketFence-users Sent: Tuesday,

Re: [PacketFence-users] Can't load Captive Portal with Ubiquiti Wireless - GET not supported

Hello, Thanks for the help. Yes, that command outputs the correct IP for the AP: quiti-f0:9f:c2:70:c3:6c $VAR1 = '10.1.28.101'; However, it still only work when I manually add a switch for the AP. I don't know if it's important to note that in the PacketFence GUI there is only 1 switch

Re: [PacketFence-users] Cannot join domain using GUI - net ads join works

Hello Gents I did in fact try it using the tld of the domain. Without succes however. I've kept the Standard computer ou for the Creation of the account. Also to no available. Would it help of I Precreated a computer account with the same name as the server? Or would this give a conflict as of

Re: [PacketFence-users] Switch Not Managed

Hello, Not sure offhand about your issue but I ran into an issue similar a while ago. Under your network interfaces, do you have one that has Radius enabled on it in to listen in addition to management? Also, are you certain that IP of the controller in the log matches the switch IP you have