Re: [PacketFence-users] Packetfence set role by mac not user...

Hi Fetagunken I have same issue and got fixed by what Ludovic suggest here, my switch default 801.x is mac-auth, I have to change it to eap then it works fine. From: Ludovic Zammit via PacketFence-users Sent: Friday, 9 October 2020 1:22 AM To: Fetakungen Virtual Adventurer Cc: Ludovic Zammit

[PacketFence-users] Issues with browsers Chromium and Google Chrome in management GUI PF 10.2

Hi Guys, Just installed PF 10.2 on CentOS7, applied all patches and started setting up the same way as I usually do in PF 10.1. I usually use the latest version of Google Chrome. I did the initial "configurator" configuration and there were no issues using the Chrome browser. Once I went

Re: [PacketFence-users] Connection Profile and SSID Filter

Any other filter used such as switch filter on the connection profile works and matches fine but not the SSID filter. I just don’t understand why the portal profile would be different from the Httpd aaa profile that it matches fine. Thank you, Louis Scaringella Security Systems Engineer

Re: [PacketFence-users] Connection Profile and SSID Filter

What would cause the httpd.aaa process to match the correct profile but then the httpd.portal to match the default? Does it not use the same criteria and filters as the connection profile does? The only change here between scenarios is the SSID filter added to the connection profile so

Re: [PacketFence-users] Connection Profile and SSID Filter

Although it seems to now find the SSID, when I add the SSID filter back to my connection profile, it once again doesn’t instantiate the correct profile for the httpd.portal: Oct 8 14:30:22 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of

Re: [PacketFence-users] Connection Profile and SSID Filter

Ok, thanks. I followed your instructions and rebooted. Here is the new log: Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSSIDFromCalledStationId) Oct 8 14:06:19

Re: [PacketFence-users] Connection Profile and SSID Filter

What should I do with that file you sent? Add that to switch.pm or replace it? Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 8, 2020, at 1:41 PM, Fabrice Durand wrote: > > Hello Louis, > > let's take a look at >

Re: [PacketFence-users] Connection Profile and SSID Filter

I don’t have any inline interfaces or config in this environment. PacketFence has a single IP address on one interface and is used for Radius, management, and the portal in this case. Choosing the “Aruba” switch template vs the “Aruba Wireless Controller’ template in my switch config seems to

Re: [PacketFence-users] Connection Profile and SSID Filter

Revert the change in Switch.pm then do: cd /usr/local/pf/ curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5903.diff | patch -p1 Le 20-10-08 à 14 h 43, Louis Scaringella a écrit : What should I do with that file you sent? Add that to switch.pm or replace it?

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello Louis, let's take a look at https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5903.diff Also it can happen when per example the registration network is an inline network. Regards Fabrice Le 20-10-08 à 14 h 37, Louis Scaringella a écrit : What would cause

Re: [PacketFence-users] Connection Profile and SSID Filter

I updated this and didn’t work. Here is the log again: Oct 8 11:16:15 localhost packetfence_httpd.aaa: httpd.aaa(2088) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSsid) Oct 8 11:16:15 localhost packetfence_httpd.aaa:

Re: [PacketFence-users] Packetfence set role by mac not user...

Well the HP swtiches as supplicants does not support EAP, they only supp chap md5… Still the username SHOULD match the role ? BR, Anton. Från: Ludovic Zammit Skickat: den 8 oktober 2020 14:22 Till: Fetakungen Virtual Adventurer Kopia: packetfence-users@lists.sourceforge.net Ämne: Re:

Re: [PacketFence-users] Connection Profile and SSID Filter

I tried that and rebooted and it still shows me hitting the default profile and same error in the PacketFence.log file. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 1:58 PM, Fabrice Durand wrote: > > It looks to be a bug in the switch

Re: [PacketFence-users] Connection Profile and SSID Filter

From the Aruba.pm switch file I see this: sub extractSsid { my ($self, $radius_request) = @_; my $logger = $self->logger; # Aruba-Essid-Name VSA if (defined($radius_request->{'Aruba-Essid-Name'})) { return $radius_request->{'Aruba-Essid-Name'}; } $logger->warn(

Re: [PacketFence-users] Connection Profile and SSID Filter

Sorry for the flood, but I think I made some progress with this although I still think we need to address the Aruba Wireless Controller switch template. I changed my switch template from Aruba Wireless Controller to just Aruba and it sounds like now it does at least see the SSID. However, in my

Re: [PacketFence-users] Connection Profile and SSID Filter

To think of it, why does this show Switch template used when I have configured the “Aruba Wireless Controller” template to be used for this switch in the “Switch” section of PacketFence. Shouldn’t it be using the Aruba template? Louis Scaringella Security Systems Engineer Yellow Dog Networks,

Re: [PacketFence-users] Configuration is lost when setting an interface to registration and adding portal-deamon

Hello, Send a screenshot of your configuration. Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) and PacketFence

Re: [PacketFence-users] Connection Profile and SSID Filter

Try that, it should work. edit lib/pf/Switch.pm and replace extractSsid function with: sub extractSsid {     my ($self, $radius_request) = @_;     my $logger = $self->logger;     # it's put in Called-Station-Id     # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or

Re: [PacketFence-users] Packetfence set role by mac not user...

Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username =>

[PacketFence-users] Configuration is lost when setting an interface to registration and adding portal-deamon

Hello I'm trying to configure a NIC to act as the registration network and to put a captive portal on it for device registration. When I adding a NIC the role Registration and save whenlooking back the NIC is always set into the other mode. Also adding a listener demon like portal won't work.

Re: [PacketFence-users] Connection Profile and SSID Filter

It looks to be a bug in the switch template. Right now there is no method to extract the ssid in other attributes than colling-station-id. We will make a patch to update the default method to extract the ssid from Called-Station-SSID. Le 20-10-07 à 14 h 19, Louis Scaringella a écrit :

Re: [PacketFence-users] Packetfence set role by mac not user...

This is what I don’t understand why does it state this ?... Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Oct 7 23:24:16 RADIUS-1