Re: [PacketFence-users] Unifi APs and Packetfence

2022-03-22 Thread Fabrice Durand via PacketFence-users
Hello Adrian, I deal with that sometimes and it's supposed to be the NAS that sends the Framed-MTU attribute. Are you able to see it in the request ? Can you change it on the AP side ? Also if you change it on the freeradius side i don´t think it will change anything. Regards Fabrice Le mar.

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

2022-03-20 Thread Fabrice Durand via PacketFence-users
Just like that: [image: image.png] Le dim. 20 mars 2022 à 07:39, P.Thirunavukkarasu a écrit : > Hi Fabrice, > Thank you and Sorry for the question... > > *Create the connection profile for outbound authentication* > *"Create the Connection Profile named External Eduroam authentication > Check

Re: [PacketFence-users] New Currency Paypal

2022-03-18 Thread Fabrice Durand via PacketFence-users
Hello Dennis, you can add it there, it should work. https://github.com/inverse-inc/packetfence/blob/devel/html/pfappserver/lib/pfappserver/Form/Config/Source/Billing.pm#L64 Regards Fabrice Le ven. 18 mars 2022 à 09:46, Schüller Dennis via PacketFence-users <

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

2022-03-18 Thread Fabrice Durand via PacketFence-users
Hello Thirunavukkarasu, the realm eduroam is defined in the freeradius unlang, so if the logic detects that it´s an outbound authentication then the realm eduroam will be added in the request. For the DEFAULT one you should use your domain for that. Regards Fabrice Le ven. 18 mars 2022 à 09:45,

Re: [PacketFence-users] Palo Alto XML API roles

2022-03-18 Thread Fabrice Durand via PacketFence-users
Hello Toren, i don´t have a Palo Alto on my side but if it works by just allowing the User-ID part then we will have to adjust our documentation. Regards Fabrice Le ven. 18 mars 2022 à 09:45, Toren Smith via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Just a quick

Re: [PacketFence-users] ERROR: Server returned no data

2022-03-11 Thread Fabrice Durand via PacketFence-users
Hello Tomas, try that (conf/radiusd/rest.conf): https://github.com/inverse-inc/packetfence/commit/5ee142d9ba6ce457c10967013fa11a361caa9694 Regards Fabrice Le ven. 11 mars 2022 à 10:12, tomas.rybicka via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Dear Packetfence

Re: [PacketFence-users] Issue after upgrading the packetfence - Regarding

2022-03-11 Thread Fabrice Durand via PacketFence-users
Hello Thirunavukkarasu, do that instead: /usr/sbin/freeradius -d /usr/local/pf/raddb -n auth -fxx -l stdout and paste the output. Regards Fabrice Le ven. 11 mars 2022 à 10:12, Thirunavukkarasu Palanisamy via PacketFence-users a écrit : > Hi Team, > Greetings of the day > > After upgrading

Re: [PacketFence-users] Problem with VLAN change on Meraki WiFi

2022-03-11 Thread Fabrice Durand via PacketFence-users
Hello Chris, instead of 2210 , set it to 0 in packetfence (i mean use the native vlan). Regards Fabrice Le ven. 11 mars 2022 à 10:12, Chris Jordan via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > I have an odd issue switching VLANs on Meraki Wifi. > > I

Re: [PacketFence-users] RADIUS Tracking Issues & Best Practice

2022-02-21 Thread Fabrice Durand via PacketFence-users
Hello Trevor, in the coming new PacketFence release we added that: https://github.com/inverse-inc/packetfence/pull/6772 which allows you to create a radius probe account in order to test if the server is available. Btw access-reject also means that the server is available. Regards Fabrice Le

Re: [PacketFence-users] SCEP over Intune does not work

2022-02-21 Thread Fabrice Durand via PacketFence-users
I have a debian cluster running on my side with the raddebug command here: /usr/sbin/raddebug and it´s coming from the freeradius package. root@cluster3:/usr/local/pf# apt-file search raddebug freeradius: /usr/sbin/raddebug Le lun. 21 févr. 2022 à 10:27, Adrian Damaschek <

Re: [PacketFence-users] SCEP over Intune does not work

2022-02-21 Thread Fabrice Durand via PacketFence-users
Sorry a typo raddebug -f /usr/local/pf/var/run/radiusd.sock -d 3000 For the MTU i think that it needs to be done on the AP (to match the VPN value) and maybe on the vpn server too. Le lun. 21 févr. 2022 à 09:58, Adrian Damaschek < adrian.damasc...@technicondesign.com> a écrit : > Hi Fabrice, >

Re: [PacketFence-users] SCEP over Intune does not work

2022-02-21 Thread Fabrice Durand via PacketFence-users
Hello Adrian, glad to know that it works for you. Btw I have no clue why the TPM module cannot be used. I know that we got an issue with certificates provided by intune where Freeradius complained that it wasn´t able to decrypt too. There are also issues with Android and intune if the

Re: [PacketFence-users] SCEP over Intune does not work

2022-02-18 Thread Fabrice Durand via PacketFence-users
Hello Adrian, the error is "err="crypto/rsa: decryption error"" We got multiple issues with intune because of the Key Storage Provider, can you verify that it´s configured like that ? [image: image001.png] Regards Fabrice Le mer. 16 févr. 2022 à 11:24, Adrian Damaschek <

Re: [PacketFence-users] SCEP over Intune does not work

2022-02-16 Thread Fabrice Durand via PacketFence-users
Hello Adrian, welcome to the intune world ... Do you see in the packetfence log when the 500 happens ? (journalctl command) Did you define the scep url as http ? If it´s the case you can take a network capture to see what happens exactly. We also made changes in the incoming PacketFence version

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-11 Thread Fabrice Durand via PacketFence-users
what kind of authentication source you use to authenticate ? Le ven. 11 févr. 2022 à 16:05, Jorge Nolla a écrit : > Hi Fabrice, > > I did try $username, but it returns the DEFAULT username and not the > actual username which was used to register the device with in the portal. > > > On Feb 11,

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-11 Thread Fabrice Durand via PacketFence-users
Hello Jorge, you can try that: https://github.com/inverse-inc/packetfence/commit/e99698c955d596b6d04ef52c64a7aadc21f34e47 Regards Fabrice Le ven. 11 févr. 2022 à 12:04, Jorge Nolla a écrit : > Hi Fabrice, > > This is the last step for us to get this working, any thoughts? > > Thank you! >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-09 Thread Fabrice Durand via PacketFence-users
There is no realm so you have to configure the null realm. Le mer. 9 févr. 2022 à 20:12, Jorge Nolla a écrit : > Hi Fabrice, > > This is the output when It receives an accounting message from the > controller: > > > ^C[root@wifi jnolla]# radsniff -i any -f "port 1813" -x > Logging all events >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-09 Thread Fabrice Durand via PacketFence-users
Hello Jorge, you have to enable radius-acct service. It´s radius-acct who is able to proxy the request to another server, not pfacct (btw you can keep it enabled). Regards Fabrice Le mer. 9 févr. 2022 à 19:21, Jorge Nolla a écrit : > > Another configuration file with references to the

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users
Yes, that's it. Le mar. 8 févr. 2022 à 11:23, Jorge Nolla a écrit : > Fabrice, > > The document you had provided didn’t layout the configuration steps. I > think this might be the correct document for the configuration you are > referring. If you have a chance take a look and let me know. > >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users
You can try that instead: my $html_form = qq[ http://$controller_ip:8443/login;> ]; It will pass the mac address of the device in the radius request as username and password instead of the real username and password who has been

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users
Hello Jorge, i really think that it´s not the correct way to support the web auth in Huawei. The only thing you can do with the portal is to authenticate with a username and password, there is no way to do anything else (sms/email/sponsor/). Also when you authenticate on the portal , the

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-07 Thread Fabrice Durand via PacketFence-users
Did you try to hardcode that in the code and see if it works ? Also i don´t understand the goal of passing the username and password , is there any extra check after that ? What happens if the user registers by sms/email ? And i just found that:

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-07 Thread Fabrice Durand via PacketFence-users
I just pushed a fix. cd /usr/local/pf curl https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff | patch -p1 and restart Le lun. 7 févr. 2022 à 13:46, Jorge Nolla a écrit : > Here are the log outputs for /usr/local/pf/logs/packetfence.log > > > Feb 7

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-06 Thread Fabrice Durand via PacketFence-users
I am just not sure what to set for username and password, if you do sms auth then there is no password. Also in the url it looks like it is missing the mac address of the device, can you try to add device-mac and see if the device mac is in the url ? Here the first draft:

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-06 Thread Fabrice Durand via PacketFence-users
Great! it will be easier. Le dim. 6 févr. 2022 à 18:38, Jorge Nolla a écrit : > Fabrice, > > I figured out why the AC is formatting in that way, > > > 6.3.7.3.6 The URL of the Redirected Portal Page Contains %XX, Which Cannot > Be Identified by Some Portal Servers > > When a third-party Portal

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-06 Thread Fabrice Durand via PacketFence-users
Hello Jorge, i have what i need at least to be able to support the web-auth. The only thing i am not sure is at the end of the registration process what we are supposed to do. I will create a branch on github in order for you to test. (it will be an update of the Huawei switch module). For

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-05 Thread Fabrice Durand via PacketFence-users
Hello Jorge, what we need is the user mac and the ap information. I found that https://support.huawei.com/enterprise/en/doc/EDOC118283/659354b1/display-url-template Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac ? And if yes can you provide me the url generated by

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Jorge, i will have a look closer. But i have a question, when the device is forwarded to the captive portal, (just before https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin) , what is the url ? You should be able to see it in the

Re: [PacketFence-users] Radius Accounting fails to start

2022-02-02 Thread Fabrice Durand via PacketFence-users
In fact it depends what you need exactly but the idea is to configure the default realm to forward the accounting to another server (defined as a radius source). So create a radius source in packetfence and in the realm config select this source for the accounting. Restart radius and it should

Re: [PacketFence-users] Radius Accounting fails to start

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Jorge, the only way is to use radius-acct instead of pfacct. pfacct doesn´t implement that right now. So disable pfacct and enable radius-acct. Regards Fabrice Le mer. 2 févr. 2022 à 19:55, Jorge Nolla via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Jorge, do you have any Huawei documentation to implement that ? Regards Fabrice Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team, > > We were wondering if anyone has had any success in configuring Web Auth >

Re: [PacketFence-users] EAP-MD5 authentication (old devices)

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Leon, can you post the output of raddebug ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 and retry to authenticate the phone. Regards Fabrice Le mer. 2 févr. 2022 à 08:19, Leon Pinto via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello All, >

Re: [PacketFence-users] ability to specify a different portal URL in the RFC7710 response

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Diego, you can change it there: https://github.com/inverse-inc/packetfence/blob/devel/go/httpdispatcher/proxy.go#L148 then go in /usr/local/pf/go make go-env source ~/.bashrc make pfhttpd mv pfhttpd ../sbin systemctl restart packetfence-httpd.dispatcher.service Regards Fabrice Le mer. 2

Re: [PacketFence-users] How to set pf to use FreeRADIUS-Client-IP-Address filter Inbound authentication instead of NAS-IP-Address ?

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Mickael, first Marseille and Paris are not supposed to work together but we will try to make it work. It looks that there is a misconfiguration on the Paris server, it´s not supposed to return any vlan/acl but just accept or reject. So on the Eduroam server how did you define the Paris

Re: [PacketFence-users] OCSP not functioning to MS PKI

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Simon, since the ocsp url is http , you could capture the traffic and see what happens exactly. Regards Fabrice Le mar. 1 févr. 2022 à 12:54, Simon Sutcliffe via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team > > > > Another day another issue with our

Re: [PacketFence-users] Query Database for MAC address match

2022-01-27 Thread Fabrice Durand via PacketFence-users
Hello Christopher, if you have an API in front of the postgresql db then it won´t be too complicated to code. I did that in the past and the code is there: https://github.com/inverse-inc/packetfence/compare/feature/rest_provisioner Regards Fabrice Le jeu. 27 janv. 2022 à 14:51, Chris Jordan

Re: [PacketFence-users] Challenge with sending filter-ID to Cisco switch

2022-01-21 Thread Fabrice Durand via PacketFence-users
Hello Simon, if you change this line https://github.com/inverse-inc/packetfence/blob/devel/conf/template_switches.conf.defaults#L94 from acceptRole=Filter-Id = $role to acceptRole=Filter-Id = ${role}.in and do a /usr/local/pf/bin/pfcmd configreload hard does it work ? Regards Fabrice Le

Re: [PacketFence-users] Challenge with sending filter-ID to Cisco switch

2022-01-21 Thread Fabrice Durand via PacketFence-users
Hello Simon, what switch module are you using in PacketFence ? It´s implemented here: https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L580 Regards Fabrice Le ven. 21 janv. 2022 à 02:43, Simon Sutcliffe a écrit : > Dear Team > > > > Over the last

Re: [PacketFence-users] Blank Page on Dashboard

2022-01-13 Thread Fabrice Durand via PacketFence-users
Hello Syed, you have to use dev mode in the browser to see if you have any error (like 404) related to netdata (https://mgmt_ip:1443/netdata/) Once found can you post the url ? Regards Fabrice Le jeu. 13 janv. 2022 à 09:53, Misbah Hussaini via PacketFence-users <

Re: [PacketFence-users] Question about the Self Service Portal

2021-12-14 Thread Fabrice Durand via PacketFence-users
Hello Simon, right now it´s not possible to use OpenID on the self service portal. It won´t be too complex to add. Regards Fabrice Le mar. 14 déc. 2021 à 01:14, Simon Sutcliffe via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team > > Any chance of a yes or no

Re: [PacketFence-users] Apache Log4j Vulnerability

2021-12-13 Thread Fabrice Durand via PacketFence-users
It´s NOT Le lun. 13 déc. 2021 à 15:29, Erich Flynn via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Can we confirm PacketFence is not subject to CVE-2021-44228?

Re: [PacketFence-users] Redirection issue

2021-12-01 Thread Fabrice Durand via PacketFence-users
Hello Jules, what do you mean by "We set an IP address on the registration field of the switch which is the same as our PF " ? Do you have more details on how you configured your setup ? Regards Fabrice Le mer. 1 déc. 2021 à 10:10, HERVAULT Jules via PacketFence-users <

Re: [PacketFence-users] integration with anyconnect

2021-12-01 Thread Fabrice Durand via PacketFence-users
Hello Adelmo, yes you can integrate packetfence with anyconnect. There is some documentation about that https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_asa Regards Fabrice Le mer. 1 déc. 2021 à 10:11, Adelmo Itsuzo Takemori via PacketFence-users <

Re: [PacketFence-users] Question about "web log apache aaa bad requests"

2021-11-02 Thread Fabrice Durand via PacketFence-users
Hello Adrian, most of the requests are from the radius probe from the switch. Probably that is configured on your switch: automate-tester username dummy ignore-acct-port idle-time 3 So it looks to be normal. Regards Fabrice Le mar. 2 nov. 2021 à 04:08, Adrian Dessaigne a écrit : > Hello

Re: [PacketFence-users] Adding a Switch

2021-11-01 Thread Fabrice Durand via PacketFence-users
Hello Perez, try this one: https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_2960 Regards Fabrice Le sam. 30 oct. 2021 à 01:54, Perez, Maximo II - ECS ISS a écrit : > Hi Durand, > What is the switch configuration on the Cisco switch that should be made > to

Re: [PacketFence-users] ANN: PacketFence v11.1

2021-10-29 Thread Fabrice Durand via PacketFence-users
Redhat8 or Debian11 Le ven. 29 oct. 2021, 18 h 30, ypefti--- via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Good news, thanks, Ludovic. > > I grasped for this opportunity to try to upgrade ours to the new release > while we are not in production mode now. > >

Re: [PacketFence-users] iPhone / IOS

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello John, i would say as always with iphone ... The thing is if you try to change the vlan id after the registration on the portal then the iphone will disconnect and ... never try to reconnect. Compared to android and windows devices who will reconnect. The only solution is to use web-auth in

Re: [PacketFence-users] Adding a Switch

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello Maximo, a switch can be added in this section: https://pfmgmt:1443/admin#/configuration/switches Regards Fabrice Le ven. 29 oct. 2021 à 08:50, Fabrice Durand a écrit : > Hello Maximo, > > a switch can be added in this section : > > > Le lun. 18 oct. 2021 à 01:23, Perez, Maximo II - ECS

Re: [PacketFence-users] Trouble trying to enable captive portal with Unifi Controller (WebAuth)

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello Frederico, what version of the ubiquiti controller are you running ? Also did you define the switch in the packetfence configuration (like by ip or mac ?) Last thing, can you try that http:///guest/s/default/ (notice the / at the end). Regards Fabrice Le mer. 27 oct. 2021 à 02:27,

Re: [PacketFence-users] Question about "web log apache aaa bad requests"

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello Adrian, you can try that to see exactly what happens: tshark -i any -f "port 7070" -Y "http.request || http.response" -V Regards Fabrice Le mar. 26 oct. 2021 à 05:56, Adrian Dessaigne via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi again, > > I'm trying

Re: [PacketFence-users] Custom Security Event

2021-09-19 Thread Fabrice Durand via PacketFence-users
Hello Arun, sorry for the late reply. Can you add just before this line: https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/role.pm#L737 use Data::Dumper; $logger->warn(Dumper $args); then restart httpd.aaa and retry. You should be able to see all the args in the logs. (if you can

Re: [PacketFence-users] CaptivePortal Problem with Apple ios14

2021-09-16 Thread Fabrice Durand via PacketFence-users
Hello, what a surprise ... , it´s not like always. On my side to troubleshoot that, i use a mac to connect to the phone and check the console log. Also i am doing a network capture on the PacketFence side (filter the ip address of the device) and see if there is any traffic coming from the

Re: [PacketFence-users] Custom Security Event

2021-09-15 Thread Fabrice Durand via PacketFence-users
In fact it´s a little bit more complicated since you do autoregistration. What you can do is to trigger the security event with action isolate. Then create a vlan filter that disables the autoregistration if the security event is open for this device. Then the first request will be rejected

Re: [PacketFence-users] How to use username rewriting in v11?

2021-09-15 Thread Fabrice Durand via PacketFence-users
Yes you can do that Le mar. 14 sept. 2021 à 06:15, David Harvey a écrit : > Borderline thread hijack, but as it's on topic: > > Is it possible to use the radius username rewrite functionality in > combination with "Dot1x recompute role from portal" > > Thanks, > > David > > On Tue, Sep 7, 2021

Re: [PacketFence-users] host prefix missing

2021-09-15 Thread Fabrice Durand via PacketFence-users
Hello Stephan, it looks that you strip the username somewhere, do you have a realm or a radius filter that does that ? Regards Fabrice Le lun. 13 sept. 2021 à 16:41, Kaufhold, Stephan via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > > > the client

Re: [PacketFence-users] Custom Security Event

2021-09-12 Thread Fabrice Durand via PacketFence-users
Hello Arun, try that. cd /usr/local/pf patch -p1 --dry-run < max_node.diff if there is no error: patch -p1 < max_node.diff Then restart packetfence. Regards Fabrice Le sam. 11 sept. 2021 à 10:40, Arun Kangle a écrit : > Hi Fabrice, > Thanks for your reply. I will need help on this. > >

Re: [PacketFence-users] Administrator RADIUS role

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello, yes it´s possible, but not with the "radius_request.Reply-Message" since it´s a reply not a request. I think you need to add the radius attribute in the configuration->radius attributes (i don´t have the admin interface in front of me) then add Reply-Message. Once done, you should be able

Re: [PacketFence-users] Best Practice for devices from partner companies

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello, i believe the solution is to use eap-tls but if they don´t provide the ca certificate of their company then they will have to provide a way to talk to their radius server. (something like eduroam) The other solution can be to allow the vpn server in the passthrough then if they connect on

Re: [PacketFence-users] Remove 'Null Source' from splash page

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello David, you don´t have to change the pm file but the translation one. (it´s a po file) Do something like that on your pf server (to find the file): grep "I accept the terms" * -r Then edit it and change the stuff you want. Then in /usr/local/pf do: make translation Regards Fabrice Le

Re: [PacketFence-users] VPN client configuration in Packetfence

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Arun, in fact you need to define the layer3 remote network in packetfence (network interface section) and you will need to forward the dhcp traffic from the remote network to packetfence. (i hope the traffic is not natted) Regards Fabrice Le ven. 27 août 2021 à 07:57, IS AppSec

Re: [PacketFence-users] Free-Radius authentication with Active Directory using Kerberos.

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Peter, kerberos is not supported by the windows supplicant, so it´s not possible. What you can do is to enable the nt-hash feature in packetfence and just deal with that. (no more ntlm) Regards Fabrice Le mer. 25 août 2021 à 05:54, Chin, Peter via PacketFence-users <

Re: [PacketFence-users] Version 11 - CentOS 7, CentOS 8 or Rocky Linux?

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Fernando, upgrading centos 7 to centos 8 is "possible", i did it but it's not the method i recommend. IMO you should start from scratch and install Rocky/Alma linux and install packetfence 11 on it. Btw there is an upgrade script you can use to export the config to a new server. Regards

Re: [PacketFence-users] Wake-on-Lan

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Joffrey, as i remember it´s a switch config to do, not sure every vendor supports it (at least cisco supports it). Regards Fabrice Le jeu. 26 août 2021 à 15:55, Joffrey Bienvenue via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Good morning > > In order to

Re: [PacketFence-users] haproxy portal

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello All, remove that from pf.conf: [captive_portal] ip_address=192.168.203.1 Just quick explanation why there is this parameter, it´s just because of samsung devices. If the device is on the same layer2 that the registration interface then the portal ip address needs to be on a different

Re: [PacketFence-users] Custom Security Event

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Arun, there is no security event that triggers that but it´s not something really complicated to add in packetfence. If you look at is_max_reg_nodes_reached in node.pm, you can trigger a security event from there. Let me know if you need help on that, it won´t take me so much time to code

Re: [PacketFence-users] NAT specific internal IP to specific external

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Ivo, Hum, first you need to add virtual ips on the WAN interface and play with conf/iptables.conf to add your rules. Also which interface is the management one ? (this one is natted by default). Regards Fabrice Le ven. 10 sept. 2021 à 01:40, Admin SielNet via PacketFence-users <

Re: [PacketFence-users] How to use username rewriting in v11?

2021-09-06 Thread Fabrice Durand via PacketFence-users
Hello, you have to use the preprocess scope in the radius filter. In addition you can use the macro https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_filter_engine_macro Regards Fabrice Le lun. 6 sept. 2021 à 12:07, Cristian Mammoli via PacketFence-users <

Re: [PacketFence-users] Packetfence portal with Coovachilli

2021-07-28 Thread Fabrice Durand via PacketFence-users
Hello Francisco, it happens directly on the client browser. https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/CoovaChilli.pm#L84 So i recommend to run the chrome dev mode and see in the network tab if the device is able to tell the AP that it is registered. Regards Fabrice

Re: [PacketFence-users] Captive Portal Issue on Mobile Devices

2021-07-08 Thread Fabrice Durand via PacketFence-users
Hello Jake, as Diego said it can be a lack of the dhcp option for the RFC7710 in your dhcp server (i coded the dhcp server with all my love and you still don't want to use it). It can also be a certificate issue, if the certificate expiration date is more than x months then apple devices don't like

Re: [PacketFence-users] VLAN Enforcement with MAC address authentication

2021-07-08 Thread Fabrice Durand via PacketFence-users
Hello Thapeli, i can see that you have multiple issues in your config. First the switch config doesn't look to be correct. If the packetfence server is plugged on the port Fa/01 only the vlan 1 is allowed. Next you don't have to enable 802.1x on this port. interface FastEthernet0/1

Re: [PacketFence-users] cli access always accept

2021-07-08 Thread Fabrice Durand via PacketFence-users
Hello, it has been fixed but it introduced a new regression. Can you try that: https://github.com/inverse-inc/packetfence/commit/2b622a55fda11390d2d7c7cc6752f0dd3d4af2e6 Regards Fabrice Le jeu. 8 juil. 2021 à 14:06, mi saki via PacketFence-users < packetfence-users@lists.sourceforge.net> a

Re: [PacketFence-users] Unregistered nodes via pfmon node_cleanup are unable to be re-registered

2021-06-23 Thread Fabrice Durand via PacketFence-users
Hello Mark, When from the admin gui you register the device, do you change the unreg date ? Regards Fabrice Le mer. 23 juin 2021 à 19:38, Mark Okuno via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello packetfence-users, > > We are running packetfence 9.0 on a

Re: [PacketFence-users] 802.1X against FreeIPA LDAP source

2021-06-23 Thread Fabrice Durand via PacketFence-users
Hello Mathieu, in fact if you want to use FreeIPA , you need to have the clear-text/nthash version of the password in the ldap directory. Btw i don't know if samba is available with FreeIPA. Regards Fabrice Le mer. 23 juin 2021 à 06:30, Mathieu Valois via PacketFence-users <

Re: [PacketFence-users] Question regarding CLI Access for Avaya/Nortel/Extreme ERS switches

2021-06-16 Thread Fabrice Durand via PacketFence-users
Yes you can add it in Avaya.pm and you just need to restart httpd.aaa. Regards Fabrice Le mer. 16 juin 2021 à 14:13, Chris Crawford via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Do I need to put this into the Avaya.pm in …/lib/pf/Switch/Avaya.pm? Or > can I

Re: [PacketFence-users] Debian 11 support?

2021-06-16 Thread Fabrice Durand via PacketFence-users
Hello, it's on the way, we are working on the support for debian 11 and rhel8. Regards Fabrice Le mer. 16 juin 2021 à 14:13, David Magda via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > Currently the official repos only have binaries for Debian 9

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-19 Thread Fabrice Durand via PacketFence-users
Hello David, I will be happy to review your PR once done. Btw i am always impressed by the Mikrotik features, it's like a network equipment switch knife. Last thing, if the deauth method is not the same between wifi and wired , you can add the function wiredeauthTechniques in the switch module.

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-18 Thread Fabrice Durand via PacketFence-users
Hello David, you are in the good tracks. First you need to append that: use pf::SwitchSupports qw( WiredMacAuth WiredDot1x ... ); Then retry. Also can you provide a raddebug output when you connect ? raddebug -f /usr/local/pf/var/run/radiusd.sock Regards Fabrice Le mar. 18 mai 2021 à 01:22,

Re: [PacketFence-users] FortiGate VPN Auth based on AD Group Membership

2021-05-11 Thread Fabrice Durand via PacketFence-users
Hello Chris, First we don't compute the role from the source for Fortigate, we just do a mschap verification then if it's authenticated then we allow the access. It misses a little bit of code to do that but it's not something really complicated. Next the condition in the radius filter you

Re: [PacketFence-users] EXTERNAL SENDER - Re: EXTERNAL SENDER - Re: pfdns random crashes

2021-04-28 Thread Fabrice Durand via PacketFence-users
redns/plugin/pfdns.(*pfdns).RefreshPfconfig.func1 > > Apr 27 15:07:18 vs-swk-pf pfdns[222919]: > /root/rpmbuild/centos-7/BUILD/packetfence-10.2.0/go/coredns/plugin/pfdns/pfdns.go:118 > +0x50 > > Apr 27 15:07:18 vs-swk-pf systemd[1]: Unit packetfence-pfdns.service > entered

Re: [PacketFence-users] WMI SCAN and Security Event

2021-04-28 Thread Fabrice Durand via PacketFence-users
Hello Abdoul, packetfence is already aware of the dhcp traffic on the isolation/registration networks, so there is nothing to do. For the production network, you can do 2 things: use the ip helper address command on each production vlan (on the cisco switch): ip helper-address address or use that

Re: [PacketFence-users] EXTERNAL SENDER - Re: pfdns random crashes

2021-04-27 Thread Fabrice Durand via PacketFence-users
Hello Adam, Check with: journalctl | grep pfdns Regards Fabrice On Tue, 27 Apr 2021 at 22:34, Franklin, Adam via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: > Hi Ludovic > Could you tell me where to find the appropriate logs? > Many Thanks > > Adam > > Get Outlook

Re: [PacketFence-users] Wifi attribution

2021-04-27 Thread Fabrice Durand via PacketFence-users
Hello Robin, in fact you just need to change the registration role in the switch config to a prod vlan instead of the registration one. Regards Fabrice On Tue, 27 Apr 2021 at 22:34, Robin Cortat via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: > Hello, > > > > I have

Re: [PacketFence-users] Switch authentication grants access *with any password* as long as the username is correct (10.3)

2021-04-27 Thread Fabrice Durand via PacketFence-users
Hello Cristian, thanks for the report. On my side i was able to replicate the issue and i pushed a fix in the maintenance branch. So you can run /usr/local/pf/addons/pf-main.pl and restart httpd.aaa service. Regards Fabrice On Tue, 27 Apr 2021 at 11:00, Cristian Mammoli via PacketFence-users <

Re: [PacketFence-users] Attribute User-Password Required

2021-04-02 Thread Fabrice Durand via PacketFence-users
celinaisd.com/> On Wed, Mar 31, 2021 at 7:22 AM Fabrice Durand via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Joshua, sorry for the late reply. So it looks that you played with the radius eap configuration.

Re: [PacketFence-users] Attribute User-Password Required

2021-04-02 Thread Fabrice Durand via PacketFence-users
lation. *Joshua Wise* Systems Engineer, Celina ISD 469-742-9113 https://www.celinaisd.com <https://www.celinaisd.com/> On Wed, Mar 31, 2021 at 7:22 AM Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Joshua, sorry for t

Re: [PacketFence-users] Packetfence SNMP implementation

2021-04-02 Thread Fabrice Durand via PacketFence-users
Hello doppino, yes you can use SNMP and active directory but for that you will need to use the portal to authenticate. Be sure on the packetfence side to enable the packetfence-snmptrapd.service (it's disabled by default). Then add the switch in packetfence and fill the correct

Re: [PacketFence-users] Attribute User-Password Required

2021-03-31 Thread Fabrice Durand via PacketFence-users
Hello Joshua, sorry for the late reply. So it looks that you played with the radius eap configuration. Can you revert this section (put as default) and retry ? Thanks Regards Fabrice On 2021-03-29 at 16:15, Joshua Wise via PacketFence-users wrote: Pastebin of the response.

Re: [PacketFence-users] 802.1x problem Winbind

2021-03-16 Thread Fabrice Durand via PacketFence-users
Hello Martijn, simply associate the DEFAULT and NULL realm to your domain (Realm config section) and restart packetfence Regards Fabrice On 2021-03-16 at 16:16, Martijn Langendoen via PacketFence-users wrote: Hi all, i have a problem with my 802.1x setup. i follow the manual about

Re: [PacketFence-users] fingerbank api calls and PC with static IP (no DHCP)

2021-03-10 Thread Fabrice Durand via PacketFence-users
Hum looks to be the accounting interim update. Check on the equipment side and raise the interim update value to something higher. On 2021-03-10 at 08:50, Daniele via PacketFence-users wrote: I noticed that there are also these logs repeated every 30 seconds in the packetfence.log ...

Re: [PacketFence-users] Delay between authentication on captive portal and network access being enabled

2021-02-19 Thread Fabrice Durand via PacketFence-users
It looks that the disconnection doesn't work correctly: Jan 20 07:19:37 pf pfqueue: pfqueue(30210) WARN: [mac:58:d9:c3:5e:56:e5] Unable to perform RADIUS Disconnect-Request. Disconnect-NAK received with Error-Cause: Session-Context-Not-Found. (pf::Switch::radiusDisconnect) Check on the

Re: [PacketFence-users] Alert on RADIUS Failure

2021-02-09 Thread Fabrice Durand via PacketFence-users
Hello Stephen, you can install monit for that. yum install monit then have a configuration file that match specific pattern: check file radius.log with path /usr/local/pf/logs/radius.log     group RADIUS     every 450 cycles    # every 15 minutes (if 1 cycle is 2 seconds)     if match

Re: [PacketFence-users] Mikrotik COA

2021-01-08 Thread Fabrice Durand via PacketFence-users
Hello Enrique, use_tunneled_reply is a freeradius attribute but i don't think it's related to the issue (it's the authentication part). (https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/eap.conf.example) The issue is when the CoA is sent. Regards Fabrice On 21-01-08 at

Re: [PacketFence-users] Mikrotik COA

2020-12-15 Thread Fabrice Durand via PacketFence-users
Hello Adrian, if you can try with other mac format to see if one works. like: 5c:e0:c5:c1:d6:fd 5C:E0:C5:C1:D6:FD 5c-e0-c5-c1-d6-fd 5C-E0-C5-C1-D6-FD 5ce0c5c1d6fd 5CE0C5C1D6FD Regards Fabrice On 20-12-15 at 13:06, Adrian D'Atri-Guiran wrote: Hi Fabrice, I played around with it a

Re: [PacketFence-users] Packetfence cluster vip captive portal not showing

2020-11-20 Thread Fabrice Durand via PacketFence-users
Hello Sonali, do a tcpdump on the registration interface to see if there is some traffic. Also do you get an ip address when you are in the registration vlan ? Are you able to ping it from the pf servers ? Regards Fabrice On 20-11-20 at 04:57, Sonali Gulia wrote: hi all i am setting

Re: [PacketFence-users] 10.2.0 Eap gtc sub module failed

2020-11-03 Thread Fabrice Durand via PacketFence-users
The simplest way to see what is not working is probably to compare the request that works and the one that does not. Because right now in the debug there is no call to ldap and or sql. Regards Fabrice On 20-11-03 at 08:58, Sonali Gulia wrote: Hi We are using ldap module but i also try sql

Re: [PacketFence-users] 10.2.0 Eap gtc sub module failed

2020-11-03 Thread Fabrice Durand via PacketFence-users
Hello Sonali, your issue looks to be because there is no module before that set the "known good" password in the request. Where is stored the password ? (ldap/sql/...) Regards Fabrice On 20-11-02 at 22:46, Sonali Gulia wrote: hi Hi all in new version of pf 10.2.0 eap gtc sub

Re: [PacketFence-users] 10.2.0 Eap gtc sub module failed

2020-10-30 Thread Fabrice Durand via PacketFence-users
At least when you try to connect ... On 20-10-30 at 06:37, Sonali Gulia wrote: hi Durand fabrice here is the result of raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 (10522) Fri Oct 30 21:32:00 2020: Debug: Received Status-Server Id 97 from 127.0.0.1:51783

Re: [PacketFence-users] captive_portal.ip_address in pf.conf.defaults

2020-10-09 Thread Fabrice Durand via PacketFence-users
NORTH AMERICA* 30100 Cabot Drive, Novi MI 48377 (248) 553-1234 x1013 *DAIFUKU * <http://www.daifukuna.com/> *Always an Edge Ahead* *From:* Fabrice Durand via PacketFence-users &l

Re: [PacketFence-users] captive_portal.ip_address in pf.conf.defaults

2020-10-09 Thread Fabrice Durand via PacketFence-users
*DAIFUKU * <http://www.daifukuna.com/> *Always an Edge Ahead* *From:* Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> *Sent:* Friday, October 9, 2020 2:18 PM *To:* packe

Re: [PacketFence-users] captive_portal.ip_address in pf.conf.defaults

2020-10-09 Thread Fabrice Durand via PacketFence-users
ovi MI 48377 (248) 553-1234 x1013 *DAIFUKU * <http://www.daifukuna.com/> *Always an Edge Ahead* *From:* Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> *Sent:* Friday, October 9, 2020 2:18 PM
