[PacketFence-users] Generate security event on MSCHAPv2 connections

2023-11-22 Thread Cristian Mammoli via PacketFence-users
We are gradually phasing out EAP-MSCHAPv2. We configured EAP-TLS via GPO but we couldn't find an easy way to see which devices are still using MSCHAPv2 without going into each device detail or in the audit log. Is there a way to trigger a security event when an EAP-MSCHAPv2 authentication

[PacketFence-users] R: Lots of No response from remote host "containers-gateway.internal" after upgrading to 12

2022-09-16 Thread Cristian Mammoli via PacketFence-users

[PacketFence-users] R: Lots of No response from remote host "containers-gateway.internal" after upgrading to 12

2022-09-16 Thread Cristian Mammoli via PacketFence-users

[PacketFence-users] Lots of No response from remote host "containers-gateway.internal" after upgrading to 12

2022-09-16 Thread Cristian Mammoli via PacketFence-users
Hi, after upgrading to 12.0 I noticed I have lots of: httpd.aaa-docker-wrapper[33685]: httpd.aaa(7) ERROR: [mac:b0:22:7a:e3:ed:88] error creating SNMP v2c read connection to X.X.X.X: No response from remote host "containers-gateway.internal" (pf::Switch::connectRead) Where X.X.X.X are IP

Re: [PacketFence-users] radiusd frequent segfaults

2021-09-17 Thread Cristian Mammoli via PacketFence-users
No more crashes in the last hour! On 17/09/2021 11:56, Cristian Mammoli via PacketFence-users wrote: Anyway I managed to build 3.0.23 with the patches I linked. Since FR crashes every couple of minutes I'll get an answer shortly ;-) On 17/09/2021 11:44, Quiniou-Briand, Nicolas wrote

Re: [PacketFence-users] radiusd frequent segfaults

2021-09-17 Thread Cristian Mammoli via PacketFence-users
Anyway I managed to build 3.0.23 with the patches I linked. Since FR crashes every couple of minutes I'll get an answer shortly ;-) On 17/09/2021 11:44, Quiniou-Briand, Nicolas wrote: Hello Cristian, I will let Fabrice confirm but for me, Fabrice was aware about this bug and rebuild

Re: [PacketFence-users] radiusd frequent segfaults

2021-09-17 Thread Cristian Mammoli via PacketFence-users
Thanks Nicolas, can you share where to get the sources to build your version of freeradius? On 17/09/2021 11:44, Quiniou-Briand, Nicolas wrote: Hello Cristian, I will let Fabrice confirm but for me, Fabrice was aware about this bug and rebuild FreeRADIUS with that fix. *Nicolas

Re: [PacketFence-users] radiusd frequent segfaults

2021-09-17 Thread Cristian Mammoli via PacketFence-users
/4d4af808a7b25c307d53f3e99e4727b89b110f8c https://github.com/FreeRADIUS/freeradius-server/commit/8e204e3b6ab408106a422a55dc32e00a67e12ef3 I'm rebuilding FR and I'll keep you posted On 17/09/2021 09:10, Cristian Mammoli via PacketFence-users wrote: Hi guys, I'm going to open an issue upstream. Could

Re: [PacketFence-users] radiusd frequent segfaults

2021-09-17 Thread Cristian Mammoli via PacketFence-users
Hi guys, I'm going to open an issue upstream. Could you possibly share the .spec file you use for building freeradius? I didn't find it in the repo or on github Thanks On 15/09/2021 18:24, Cristian Mammoli via PacketFence-users wrote: Hi, after upgrading to v11 I noticed that radiusd auth

[PacketFence-users] radiusd frequent segfaults

2021-09-15 Thread Cristian Mammoli via PacketFence-users
Hi, after upgrading to v11 I noticed that radiusd auth (packetfence-radiusd-auth systemd unit) frequently exits with SEGV or ABRT and gets restarted by systemd: Sep 15 11:29:04 srvpf.apra.it kernel: traps: radiusd[344149] general protection fault ip:42c6a8 sp:7f95a9c1aad0 error:0 in

[PacketFence-users] Saved searches gone?

2021-09-14 Thread Cristian Mammoli via PacketFence-users
I noticed that I can't save node searches anymore (can't find the button at all) Is it an issue with my setup?? ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Issue I noticed upgrading to v11

2021-09-09 Thread Cristian Mammoli via PacketFence-users
Thanks, another thing I noticed was not imported is the Fingerbank api key Keep up the good work On 08/09/2021 14:06, Quiniou-Briand, Nicolas wrote: Hello, 1. Issue has been solved by Julien in maintenance [1] You need to reinstall latest packetfence-export package on your 10.3

Re: [PacketFence-users] Issue I noticed upgrading to v11

2021-09-07 Thread Cristian Mammoli via PacketFence-users
On 07/09/2021 12:55, Quiniou-Briand, Nicolas wrote: Hello Cristian, First of all, thanks for your feedback. 1. Regarding /oauth/access_token and /common/network-access-detection.gif, could you re-run the export script like this: #v+ bash -x

Re: [PacketFence-users] How to use username rewriting in v11?

2021-09-07 Thread Cristian Mammoli via PacketFence-users
#_filter_engine_macro <https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_filter_engine_macro> Regards Fabrice On Mon, 6 Sep 2021 at 12:07, Cristian Mammoli via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: Could you please provide an

[PacketFence-users] How to use username rewriting in v11?

2021-09-06 Thread Cristian Mammoli via PacketFence-users
Could you please provide an example on how to configure a radius filter to rewrite username? I'm referring to this: https://github.com/inverse-inc/packetfence/pull/6293 Thanks

[PacketFence-users] Issue I noticed upgrading to v11

2021-09-06 Thread Cristian Mammoli via PacketFence-users
Hi guys, I don't know if an issue on GH would be a better place to post. In case let me know Today I upgraded from 10.3 on CentOS 7 to v11 on CentOS 8 A few issues I noticed that imho should be taken care of or documented: * The export script tries to copy /oauth/access_token and

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-09 Thread Cristian Mammoli via PacketFence-users
Solved! Thanks! On 09/07/2021 11:50, Cristian Mammoli via PacketFence-users wrote: Yes, they are identical, I'll try to change one and keep you updated On 09/07/2021 11:10, Quiniou-Briand, Nicolas wrote: Hello, > No both web interface and api users are admin but the passw

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-09 Thread Cristian Mammoli via PacketFence-users
Yes, they are identical, I'll try to change one and keep you updated On 09/07/2021 11:10, Quiniou-Briand, Nicolas wrote: Hello, > No both web interface and api users are admin but the password is not 'admin' 1. What do you mean by web interface and API users ? 2. Did you define a

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-09 Thread Cristian Mammoli via PacketFence-users
No both web interface and api users are admin but the password is not 'admin' On 09/07/2021 08:06, Quiniou-Briand, Nicolas wrote: Hello Cristian, It could be related to [1]. Is it possible that you use default admin password: ‘admin’ ? [1]

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-07 Thread Cristian Mammoli via PacketFence-users
[root@PacketFence-ZEN pf]# rpm -qa|grep packetfence packetfence-release-2.1.0-20210414154410.286398790.0007.v10.3.0.el7.noarch packetfence-10.3.0-20210414154410.286398790.0007.v10.3.0.el7.x86_64 [root@PacketFence-ZEN pf]# [root@PacketFence-ZEN pf]# ls -rtl /usr/local/pf/.patches/ total 244

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-07 Thread Cristian Mammoli via PacketFence-users
I tried in incognito, but it happens even with another browser Here is the token_info property: {     "item": {     "admin_actions": [     "NODES_DELETE",     "REALM_CREATE",     "TRAFFIC_SHAPING_DELETE",     "PFCRON_UPDATE",     "AUDITING_READ",   

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-07 Thread Cristian Mammoli via PacketFence-users
1. Did you manage tenants on this instance ? Nope 2. Could you paste here results of following commands: #v+ mysql -u $(perl -I/usr/local/pf/lib -Mpf::db -e 'print $pf::db::DB_Config->{user}') -p$(perl -I/usr/local/pf/lib -Mpf::db -e 'print $pf::db::DB_Config->{pass}') -h $(perl

Re: [PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-06 Thread Cristian Mammoli via PacketFence-users
Yes, I run pf-maint.pl and rebooted On 05/07/2021 14:42, Quiniou-Briand, Nicolas wrote: Hello Cristian, Could you confirm that you applied latest maintenance patches and restarted all services on your updated installation ? *Nicolas Quiniou-Briand* *Product Support Engineer***

[PacketFence-users] Tenant drop down show in web interface after upgrade from 8.1. 10.3

2021-07-02 Thread Cristian Mammoli via PacketFence-users
Hi, after upgrading a setup from 8.1 to 10.3 (following all the steps ofc) I can select the tenant in the web interface Of course the global tenant is completely empty but is always selected by default This didn't happen in another similar update, the tenant is "default" and cannot be

Re: [PacketFence-users] Empty NTLM redis cache

2021-04-30 Thread Cristian Mammoli via PacketFence-users
[root@srvpf conf]# cat domain.conf [APRA] ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2 ntlm_cache=enabled registration=1 ntlm_cache_expiry=2592000 dns_name=APRA.IT dns_servers=192.168.0.7,192.168.0.76 ou=Computers

Re: [PacketFence-users] Switch authentication grants access *with any password* as long as the username is correct (10.3)

2021-04-28 Thread Cristian Mammoli via PacketFence-users
Great, thanks for the quick patch On 28/04/2021 04:25, Fabrice Durand via PacketFence-users wrote: Hello Cristian, thanks for the report. On my side i was able to replicate the issue and i pushed a fix in the maintenance branch. So you can run /usr/local/pf/addons/pf-main.pl

[PacketFence-users] Switch authentication grants access *with any password* as long as the username is correct (10.3)

2021-04-27 Thread Cristian Mammoli via PacketFence-users
Hi, I noticed that after the upgrade to 10.3 I can authenticate to the devices cli with any password () I reverted to 10.2 and it works correctly: auth.conf: [apra-user-auth-dc01] cache_match=0 realms=apra,apra.it,default,null basedn=dc=apra,dc=it password=

Re: [PacketFence-users] Empty NTLM redis cache

2021-04-27 Thread Cristian Mammoli via PacketFence-users
It works, i tried clearing my user and logging in reconnecting via wifi and it's populated again. What is the purpose of the redis cache then?? The initial bulk load anyway is not working... cat /usr/local/pf/var/cache/ntlm_cache_users/APRA.valid-users.txt|wc -l 1643 [root@srvpf ~]#

Re: [PacketFence-users] Empty NTLM redis cache

2021-04-26 Thread Cristian Mammoli via PacketFence-users
[root@srvpf pf]# /usr/local/pf/bin/pfcmd cache ntlm_cache_username_lookup_list invalid arguments Maybe you mean /usr/local/pf/bin/pfcmd cache ntlm_cache_username_lookup list? [root@srvpf pf]# /usr/local/pf/bin/pfcmd cache ntlm_cache_username_lookup list I get a bunch of user and computer

[PacketFence-users] Empty NTLM redis cache

2021-04-26 Thread Cristian Mammoli via PacketFence-users
Hi, I configured the ntlm cache feature years ago and never looked back. Today I checked the redis instance that should hold the nt hashes and it is empty: [root@srvpf ~]# redis-cli -h localhost -p 6383 localhost:6383> keys * (empty list or set) localhost:6383> But I have no errors in the

Re: [PacketFence-users] ANN: PacketFence v10.3

2021-04-15 Thread Cristian Mammoli via PacketFence-users
I'm giving it a try, but I think you need to check the ntlm cache feature: /usr/local/pf/lib/pf/domain/ntlm_cache.pm line 242 foreach my $server (split(/\s*,\s*/, $source->{host})) { You are splitting $source->{host} as a string but it is an array already hth On 14/04/2021 21:15, Ludovic

Re: [PacketFence-users] FortiGate External portal issue

2021-01-25 Thread Cristian Mammoli via PacketFence-users
918 (x145) ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) On Jan 21, 2021, at 11:08 AM, Cristian Mammoli via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: Here it is: User-Name = "8

Re: [PacketFence-users] FortiGate External portal issue

2021-01-21 Thread Cristian Mammoli via PacketFence-users
ed-User-Name = "84:b1:53:xx:xx:xx" Realm = "null" FreeRADIUS-Client-IP-Address = xx.xx.10.20 Called-Station-SSID = "Test-Guest" PacketFence-KeyBalanced = "xxxxxxxxxxxxxxx" PacketFence-Radius-Ip = "xx.xx.xx.xx" SQL-User-Name = &quo

Re: [PacketFence-users] FortiGate External portal issue

2021-01-21 Thread Cristian Mammoli via PacketFence-users
(http://www.sogo.nu) and PacketFence (http://packetfence.org) On Dec 2, 2020, at 6:24 AM, Cristian Mammoli via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: Hi, following this post https://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg15338.

Re: [PacketFence-users] FortiGate External portal issue

2021-01-20 Thread Cristian Mammoli via PacketFence-users
I'll take a look On 15/12/2020 10:56, Cristian Mammoli via PacketFence-users wrote: Anyone? Thanks On 02/12/2020 12:24, Cristian Mammoli via PacketFence-users wrote: Hi, following this post https://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg15338.html I managed

Re: [PacketFence-users] FortiGate External portal issue

2020-12-15 Thread Cristian Mammoli via PacketFence-users
Anyone? Thanks On 02/12/2020 12:24, Cristian Mammoli via PacketFence-users wrote: Hi, following this post https://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg15338.html I managed to get it (almost) working The final missing piece is the fact that when the Firewall

[PacketFence-users] FortiGate External portal issue

2020-12-02 Thread Cristian Mammoli via PacketFence-users
Hi, following this post https://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg15338.html I managed to get it (almost) working The final missing piece is the fact that when the Firewall tries to authenticate the device using the username/password provided by post it sets

Re: [PacketFence-users] pfacct crash after update to 10.0

2020-04-20 Thread Cristian Mammoli via PacketFence-users
Thanks guys, keep up the good work On 20/04/2020 16:17, Nicolas Quiniou-Briand via PacketFence-users wrote: Hello Cristian, Thanks for reporting this issue. It has been fixed in maintenance and we are uploading a new pfacct binary. When following pipeline [1] passed, you can run

[PacketFence-users] pfacct crash after update to 10.0

2020-04-20 Thread Cristian Mammoli via PacketFence-users
Hi, after upgrading to pf 10 pfacct crashes after short time: Apr 20 14:59:09 srvpf pfacct: panic: runtime error: slice bounds out of range [:17] with capacity 13 Apr 20 14:59:09 srvpf pfacct: goroutine 77 [running]: Apr 20 14:59:09 srvpf pfacct: main.(*PfAcct).RADIUSSecret(0xc72340,

[PacketFence-users] Disable netdata alerts

2020-04-03 Thread Cristian Mammoli via PacketFence-users
Hi everyone, is it possible to disable netdata email alerts? We already have a monitoring solution in place. Thanks C.

[PacketFence-users] dns filter not working with inline deployment

2020-01-20 Thread Cristian Mammoli via PacketFence-users
PF Version: 9.3 (ZEN) I have 3 nics: eth0: 192.168.50.9/24 (management) eth1: 192.168.11.100/24 (outside network) eth2: 192.168.10.254/24 (inline, portal) gw: 192.168.11.254 inline snat interface: eth1 portal fqdn: nac.mydomain.tld When clients connect to the inline network they get redirected

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-06-04 Thread Cristian Mammoli via PacketFence-users
bitwise and (&) at /usr/local/pf/lib/pf/radius.pm line 663. (pf::radius::_translateNasPortToIfIndex) On 03/06/2019 18:05, Cristian Mammoli via PacketFence-users wrote: Ok, a little bit of info: The redirect acl on the example is unused, as well as the vpn profile, so they shou

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-06-04 Thread Cristian Mammoli via PacketFence-users
asPortToIfIndex) On 03/06/2019 18:05, Cristian Mammoli via PacketFence-users wrote: Ok, a little bit of info: The redirect acl on the example is unused, as well as the vpn profile, so they should be removed by the docs The plugin relies on the mdm-tlv=device-mac= radius attribute from th

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-06-03 Thread Cristian Mammoli via PacketFence-users
it didn't work and PF could not see my MAC On 03/06/2019 12:29, Cristian Mammoli via PacketFence-users wrote: This is a debug log of a vpn connection. Things I noticed: There is no MAC address associated with the request and in Audit I see the remote IP address as MAC address

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-06-03 Thread Cristian Mammoli via PacketFence-users
:[undef]] creating new pf::Switch::Cisco::ASA object (pf::SwitchFactory::instantiate) ^CJun  3 12:24:26 srvpf packetfence_httpd.aaa: httpd.aaa(28389) DEBUG: [mac:[undef]] Setting current tenant ID On 03/06/2019 10:36, Cristian Mammoli via PacketFence-users wrote: Hi, is it possible to h

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-06-03 Thread Cristian Mammoli via PacketFence-users
Please, can you share some additional information and examples? On 24/05/2019 14:49, Cristian Mammoli via PacketFence-users wrote: Hi Fabrice, any chance I can get a little bit more info on this topic? Thanks for your time On 18/05/2019 09:33, Cristian Mammoli via PacketFence-users wrote

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-05-24 Thread Cristian Mammoli via PacketFence-users
Hi Fabrice, any chance I can get a little bit more info on this topic? Thanks for your time On 18/05/2019 09:33, Cristian Mammoli via PacketFence-users wrote: Hi Fabrice, the auth source is already in use for wired and wireless access and has role assignment working: Testing

[PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

2019-05-17 Thread Cristian Mammoli via PacketFence-users
Cisco ASA VPN Configuration in 9.0 Hi, I'm trying to configure our ASA for VPN authentication but the docs are a little bit vague considering this is a new concept Steps I did: * Added the asa in the switch group, configured PSK etc * Configured access list in "Role by Access List" * Added a

[PacketFence-users] Duplicate usernames with and without domain part

2018-11-29 Thread Cristian Mammoli via PacketFence-users
Hi, I already brought this up in the past and Fabrice said it was in the roadmap, sorry to ask it again: Is it possible to register usernames of people authenticated via ntlm_auth *without* the domain part? Actually I have the same user registered twice in PF: As "DOMAIN\user" when

Re: [PacketFence-users] Username format for portal and automatically registered devices

2018-06-08 Thread Cristian Mammoli via PacketFence-users
:31, Cristian Mammoli via PacketFence-users wrote: Hello Fabrice, thanks. I was afraid I was doing something wrong. I could possibly play with "radius-server domain-stripping" option on IOS switches but I agree this should be handled by PF. On 18/10/2017 17:22, Fabrice Durand via P

[PacketFence-users] Frequent haproxy portal segfaults

2018-06-05 Thread Cristian Mammoli via PacketFence-users
Hi, multiple times a day haproxy-portal segfaults. I had to configure a "watchdog" to restart it: dmesg: [313974.875103] haproxy[1983]: segfault at 581d9e1d ip 560257f6d1d2 sp 7ffca504d770 error 4 in haproxy[560257ed2000+101000] [314296.013258] haproxy[11239]: segfault at 3575a81d ip

Re: [PacketFence-users] Redundant authentication sources

2018-05-14 Thread Cristian Mammoli via PacketFence-users
:32, Fabrice Durand via PacketFence-users wrote: Hello Cristian, in fact you can set a comma delimited list of ip addresses in the source. Regards Fabrice On 2018-05-08 at 04:54, Cristian Mammoli via PacketFence-users wrote: Hi, what's the correct way to have redundant authentication sourc

[PacketFence-users] Redundant authentication sources

2018-05-08 Thread Cristian Mammoli via PacketFence-users
Hi, what's the correct way to have redundant authentication sources? There is no way to specify multiple hosts. I ended up declaring them twice with different servers and using both in connection profiles but I don't know if this is the correct way to go: apra-machine-auth-dc01      Apra

Re: [PacketFence-users] Portal fqdn resolution from isolation and registration vlan

2018-05-06 Thread Cristian Mammoli via PacketFence-users
On 05/05/2018 04:25, Durand fabrice via PacketFence-users wrote: So i did the change and the new binary will be available tomorrow there: http://inverse.ca/downloads/PacketFence/CentOS7/binaries/maintenance/8.0/ Regards Fabrice Thanks Fabrice, i'll do some tests ASAP. I need to

Re: [PacketFence-users] Portal fqdn resolution from isolation and registration vlan

2018-05-03 Thread Cristian Mammoli via PacketFence-users
" IN nac.apra.it. udp 29 false 512" NOERROR qr,aa,rd,ra 87 3.211035ms Il 03/05/2018 14:34, Fabrice Durand via PacketFence-users ha scritto: Weird, it's suppose to return the portal ip. Can you do this on a laptop: nslookup nac.apra.it and on the same time on the packetfence se

[PacketFence-users] New go binaries and pf-maint

2018-05-03 Thread Cristian Mammoli via PacketFence-users
Before 8.0 I simply run addons/pf-maint.pl, applied the patches and restarted the services How do I do now that there are go binaries involved? I see pf-maint.pl patches the sources in go/ and there is a addons/packages/build-go.sh Do I have to run that? Ty

Re: [PacketFence-users] Portal fqdn resolution from isolation and registration vlan

2018-05-02 Thread Cristian Mammoli via PacketFence-users
, Cristian Mammoli via PacketFence-users wrote: Hi, isn't pfdns supposed to resolve the portal FQDN from isolation and registration vlan? I'm using 8.0 ATM for me isn't working: My pf.conf is: [general] # # general.domain # # Domain name of PacketFence system. domain=apra.it # # general.hostname

[PacketFence-users] Portal fqdn resolution from isolation and registration vlan

2018-04-27 Thread Cristian Mammoli via PacketFence-users
Hi, isn't pfdns supposed to resolve the portal FQDN from isolation and registration vlan? I'm using 8.0 ATM for me isn't working: My pf.conf is: [general] # # general.domain # # Domain name of PacketFence system. domain=apra.it # # general.hostname # # Hostname of PacketFence system.  This is

Re: [PacketFence-users] Restarting swicthports errors

2018-02-05 Thread Cristian Mammoli via PacketFence-users
Hi, see my post "[PacketFence-users] pfappserver::Controller::Node broken after update to 7.4" of 01-29 On 02/02/2018 16:43, David Harvey via PacketFence-users wrote: Sorry for all the mailing list spam. I've been having a bit of a packetfence tinkering week! Since upgrading to

Re: [PacketFence-users] pfappserver::Controller::Node broken after update to 7.4

2018-01-29 Thread Cristian Mammoli via PacketFence-users
Same goes with the WMI tab in the node properties. On 29/01/2018 13:17, Cristian Mammoli via PacketFence-users wrote: Hi, after updating to 7.4 I have the following issues in the admin portal: Restart switchport on the node details show: *Error!* An error occured while contacting

Re: [PacketFence-users] Bandwidth statistics make no sense (Cisco 2960x)

2017-11-16 Thread Cristian Mammoli via PacketFence-users
-+ So it looks that the in/out bytes are never reset and the switch send the in/out bytes since the switch started. What i can recommend is there is a new ios version then upgrade, if it doesn't fix the issue then open a TAC with cisco. Regards Fabrice On 2017-11-15 at 06:09, Cristian M

Re: [PacketFence-users] Bandwidth statistics make no sense (Cisco 2960x)

2017-11-15 Thread Cristian Mammoli via PacketFence-users
Ok this my Notebook wifi adapter (E4:B3:18:2C:E0:C0) and 192.168.7.221 is a Cisco WLC. No problem here, the accounting data looks ok: MariaDB [pf]> select * from radacct_log where acctuniqueid="c16c078f963c875d37013c5cba979106";

Re: [PacketFence-users] Bandwidth statistics make no sense (Cisco 2960x)

2017-11-13 Thread Cristian Mammoli via PacketFence-users
Hi Fabrice, could you please give me a hint to start looking what's going wrong here? How is bandwidth calculated and where? Thanks in advance On 19/10/2017 18:22, Cristian Mammoli via PacketFence-users wrote: If you mean PacketFence is 7.3.0 If you mean IOS: Cisco IOS Software, C2960X

Re: [PacketFence-users] Bandwidth statistics make no sense (Cisco 2960x)

2017-10-19 Thread Cristian Mammoli via PacketFence-users
If you mean PacketFence is 7.3.0 If you mean IOS: Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E6, RELEASE SOFTWARE (fc1) On 19/10/2017 16:41, Fabrice Durand via PacketFence-users wrote: Hello Cristian, which version are you running ? Regards Fabrice

[PacketFence-users] Bandwidth statistics make no sense (Cisco 2960x)

2017-10-19 Thread Cristian Mammoli via PacketFence-users
Hi, I received an alert from packetfence with the following content: Detect : No Antivirus software installed Last Session : Session Start : 2017-10-19 15:41:21 Bandwidth Statistics : Today : 128.78 GB (IN: 31.46 GB // OUT: 97.32 GB ) This Week : 128.78 GB (IN:

Re: [PacketFence-users] Username format for portal and automatically registered devices

2017-10-19 Thread Cristian Mammoli via PacketFence-users
Hello Fabrice, thanks. I was afraid I was doing something wrong. I could possibly play with "radius-server domain-stripping" option on IOS switches but I agree this should be handled by PF. On 18/10/2017 17:22, Fabrice Durand via PacketFence-users wrote: Hello Cristian, It is but

Re: [PacketFence-users] Username format for portal and automatically registered devices

2017-10-18 Thread Cristian Mammoli via PacketFence-users
Hi, sorry to dig this up... Could someone please explain if this behaviour is expected or not? Thank you On 02/08/2017 17:59, Cristian Mammoli via PacketFence-users wrote: Of course I checked "Use stripped username" and added "strip to the realm option. On 02/08/2017

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-11 Thread Cristian Mammoli via PacketFence-users
100024 self closes when there is no wmi violation. When there is a violation triggered by the scan engine with action_param = mac = $mac, tid = 12, type = INTERNAL then it does not close itself. I configured the violation to allow the user to self remediate (e.g. uninstall an unwanted

Re: [PacketFence-users] OpenVAS v9 integration

2017-08-11 Thread Cristian Mammoli via PacketFence-users
Thanks for the clarification Fabrice On 11/08/2017 02:05, Durand fabrice via PacketFence-users wrote: Not yet but probably in future version. -- Check out the vibrant tech community on one of the world's most

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Cristian Mammoli via PacketFence-users
WMI works for me on production network, what issues are you having? On 10/08/2017 14:37, Akala Kehinde wrote: Hi Cristian, Took me some time too to have the WMI scan running, but even only works for pre-reg. Failed for Reg and Post-reg scans. Had any success with that?

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Cristian Mammoli via PacketFence-users
Hi Akala, the result is the same for the ssl_options. It only tells LWP UserAgent to not verify the hostname. I just wanted to avoid editing something external to packetfence. I attached my nessus6.pm, but try to update /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with the latest upstream

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-09 Thread Cristian Mammoli via PacketFence-users
I'm getting the same error. Nessus is running and I can connect with wget https://127.0.0.1:8834 --no-check-certificate Even a simple test program such as this fails with the same error even if the data is correct: use Net::Nessus::REST; my $nessus = Net::Nessus::REST->new(

[PacketFence-users] OpenVAS v9 integration

2017-08-09 Thread Cristian Mammoli via PacketFence-users
Does Packetfence work with OpenVAS-9 (Greenbone OS 4)? -- Mammoli Cristian System administrator T. +39 0731 22911 Via Brodolini 6 | 60035 Jesi (an)

Re: [PacketFence-users] passthrough only opens ports 80 and 443 even if proto and port are defined

2017-08-08 Thread Cristian Mammoli via PacketFence-users
push @ans, $query_non_filtered->answer; if (@ans) { $results{rcode} = "NOERROR"; On 08/08/2017 17:44, Cristian Mammoli via PacketFence-users wrote: Poking in the code I found that pfdns calls matches_passthrough in lib/pf/util/dns.pm which returns t

Re: [PacketFence-users] passthrough only opens ports 80 and 443 even if proto and port are defined

2017-08-08 Thread Cristian Mammoli via PacketFence-users
Poking in the code I found that pfdns calls matches_passthrough in lib/pf/util/dns.pm which returns the following (with data dumper): 1, $VAR1 = [ 'tcp:8080' ]; But it does not work

[PacketFence-users] passthrough only opens ports 80 and 443 even if proto and port are defined

2017-08-08 Thread Cristian Mammoli via PacketFence-users
Hi, I don't know if I'm hitting a bug or I'm missing something. I'm using 7.2 (ZEN), enabled passthrough and configured it like this: [root@srvpf ~]# grep ^passt /usr/local/pf/conf/pf.conf passthrough=enabled passthroughs=*.facebook.com,*.fbcdn.net,*.akamaihd.net,portquiz.net:tcp:8080 Notice

Re: [PacketFence-users] wmi query without result, how do I trigger an action

2017-08-08 Thread Cristian Mammoli via PacketFence-users
Hi Fabrice, as I wrote in the previous reply I found the issue with my configuration (a missing dot in the value statement). I still get the warning when the query does not return results but the violation gets correctly triggered. I can send you the debug lines anyway if you want Ty On

Re: [PacketFence-users] wmi query without result, how do I trigger an action

2017-08-07 Thread Cristian Mammoli via PacketFence-users
On 07/08/2017 15:23, Cristian Mammoli via PacketFence-users wrote: Hi, this is pretty trivial I think but I didn't find a way to make it work. I want to trigger a violation when a client has no antivirus installed, i configured a wmi rule like this: [custom_Antivirus] request=select * from A

[PacketFence-users] wmi query without result, how do I trigger an action

2017-08-07 Thread Cristian Mammoli via PacketFence-users
Hi, this is pretty trivial I think but I didn't find a way to make it work. I want to trigger a violation when a client has no antivirus installed, i configured a wmi rule like this: [custom_Antivirus] request=select * from AntiVirusProduct namespace=ROOT\SecurityCenter2 action=

Re: [PacketFence-users] Assign role based on device class

2017-08-04 Thread Cristian Mammoli via PacketFence-users
It works perfectly, thanks! On 04/08/2017 14:59, Fabrice Durand via PacketFence-users wrote: Hello Cristian, you can do that: [smartphones_by_devclass] filter = node_info.device_class operator = is value = Smartphones/PDAs/Tablets [employees_ssid] filter = ssid operator = is value =

Re: [PacketFence-users] Assign role based on device class

2017-08-04 Thread Cristian Mammoli via PacketFence-users
ppropriate vlan BY DEFAULT, but I should be able to override this if needed Ty On 03/08/2017 14:20, Cristian Mammoli via PacketFence-users wrote: Hi, is it possible to assign a role based on the device class as shown in the nodes page? I would like to put all corporate smartphones in a dedic

[PacketFence-users] Assign role based on device class

2017-08-03 Thread Cristian Mammoli via PacketFence-users
Hi, is it possible to assign a role based on the device class as shown in the nodes page? I would like to put all corporate smartphones in a dedicated vlan but I didn't find a way to do it. Smartphones are authenticated with 802.1x, I tried to assign a role in the authentication source based

Re: [PacketFence-users] Username format for portal and automatically registered devices

2017-08-02 Thread Cristian Mammoli via PacketFence-users
Of course I checked "Use stripped username" and added "strip to the realm option. On 02/08/2017 15:26, Cristian Mammoli via PacketFence-users wrote: Hi, in my POC I'm trying the following setup: If a computer does not support 802.1x should be presented with the capti

[PacketFence-users] Question about machine authentication and 802.1x

2017-08-02 Thread Cristian Mammoli via PacketFence-users
Hi, in the admin guide section 9.2.1 is specified: *If you would like to differentiate user authentication and machine authentication using Active Directory, one way to do it is by creating a second authentication sources, for machines:* Is this a best practice? What if don't configure an

[PacketFence-users] Username format for portal and automatically registered devices

2017-08-02 Thread Cristian Mammoli via PacketFence-users
Hi, in my POC I'm trying the following setup: If a computer does not support 802.1x should be presented with the captive portal where the user can register the device, access the production network and join the domain Once joined 802.1x is configured and enabled via GPO. With 802.1x enabled

Re: [PacketFence-users] Add support for LLDP on Cisco Switches

2017-07-31 Thread Cristian Mammoli via PacketFence-users
Message- From: Cristian Mammoli via PacketFence-users [mailto:packetfence- us...@lists.sourceforge.net] Sent: Monday, July 31, 2017 11:30 AM To: packetfence-users@lists.sourceforge.net Cc: Cristian Mammoli Subject: [PacketFence-users] Add support for LLDP on Cisco Switches Hi, looking at the code

Re: [PacketFence-users] Captive portal redirection not working

2017-07-31 Thread Cristian Mammoli via PacketFence-users
ay are the interface registration of PacketFence. Make sure you do not have any ACL on the switch or network that could conflict with it. Try to reach the portal and see if the IP of the test device is hitting the portal look into logs/httpd.portal.access Thanks On 07/28/2017 08:00 AM, Cristian Mam

[PacketFence-users] Add support for LLDP on Cisco Switches

2017-07-31 Thread Cristian Mammoli via PacketFence-users
Hi, looking at the code it seems that LLDP is only supported in Cisco 2950: [root@srvpf ~]# grep -r supportsLldp /usr/local/pf/lib/pf/Switch/Cisco /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm:sub supportsLldp { return $FALSE; } /usr/local/pf/lib/pf/Switch/Cisco/Catalyst_2950.pm:sub supportsLldp

[PacketFence-users] Captive portal redirection not working

2017-07-28 Thread Cristian Mammoli via PacketFence-users
Hi, installed the latest pf on CentOS 7 following the official documentation, I configured a management, registration, isolation and portal interfaces. I joined the server to an AD domain, configured an authentication source and a connection profile and configured a switch (Cisco 2960x) with