Re: [PacketFence-users] PF 13.1 Security Onion 2.4

Nate: I am VERY curious to hear about how you are tying SO and PF together. I also am running both and am thinking of integrating them. I would like to hear your thoughts and experiences. Please feel free to start a new thread or contact me off-list if you are more comfortable there. Jake

Re: [PacketFence-users] Basic MAC authentication and vlan assignment

Check out Meraki's documentation: https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X) [https://a.mtstatic.com/@public/production/site_13505/1603418441-social-share.png] MS

[PacketFence-users] Captive portal customizations gone after upgrade

All: Hoping someone can shed some light on this. We did an upgrade to the latest maintenance patch of PF and the customizations we put on the captive portal were removed. All we did is change the logo (vis the web GUI) and slightly modify the CSS to fit our color scheme. Now our custom logo

Re: [PacketFence-users] Authentication Source HTTP

Are you looking for something like this? https://medium.com/beyond-the-helpdesk/configuring-packetfence-for-use-with-dpsk-6519aaf6fe4d Jake Sallee Godfather of Bandwidth System Engineer and Security Specialist University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513

Re: [PacketFence-users] (no subject)

Abdi: Setting up PF for the first time can be difficult if you are not familiar with Linux. My suggestion is to wipe the slate clean and start over again. Delete your current PF and Linux install completely. Start by just installing PF on a new linux install. Follow the install guide

Re: [PacketFence-users] (no subject)

Abdi: I am assuming you're new to the mailing list; if so, Welcome to the mailing list! Here you don't have to ask for help first, just post your question and if someone can help you, they will. A few things to keep in mind: 1) Remember this is FREE support. Most of the people here are

Re: [PacketFence-users] Captive Portal Issue on Mobile Devices

<http://www.mediatel.com.ar/> | Juan Carlos Cruz 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | https://goo.gl/maps/NZCFPwVkFFf14cR67 On Thu, 8 Jul 2021 at 14:16, Sallee, Jake via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: > you might wan

Re: [PacketFence-users] Captive Portal Issue on Mobile Devices

7 | www.mediatel.com.ar<http://www.mediatel.com.ar/> | Juan Carlos Cruz 2360 – 4B (1636), Vicente López, Buenos Aires, Argentina | https://goo.gl/maps/NZCFPwVkFFf14cR67 On Wed, 7 Jul 2021 at 18:35, Sallee, Jake via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hell

[PacketFence-users] Captive Portal Issue on Mobile Devices

Hello all! This is a strange one and I hope someone out there has faced this demon before and can help. We are running PF 10.3 (with latest maintenance patches) in a 3 node cluster. TLDR: Captive portal issues on iPhones and some mobile devices, cant find any reason in the logs as to why it

Re: [PacketFence-users] MAC Randomisation

IIRC MAC randomization is only used for beacon frames by default which PF doesn't care about as far as I know. So hopefully it is not an issue at all. I do remember also seeing some devices give an option to randomize MAC on connect to a specific SSID so perhaps it would be possible to get

Re: [PacketFence-users] VLAN isolation and routed networks

What you are describing sounds similar to what we are doing. PF works great with routed networks and depending on the details of your VPN connection I think it should work in your situation. I have never setup a PF deployment like the one you are talking about however if your VPN is setup in a

Re: [PacketFence-users] POC Radius auth with Juniper switches

Did you configure the Windows box for 802.1x? Jake Sallee Godfather of Bandwidth System Engineer and Security Specialist University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 From: Kevin

Re: [PacketFence-users] Request Support

Vincenzo: If you want professional support your best bet is to reach out to Inverse, they are the makers of PacketFence and are REALLY good. However, they do not work for free and there will be a cost associated if you engage their services. https://packetfence.org/support.html#/commercial

Re: [PacketFence-users] Fwd: Upgrade 9.1 to 9.3

c01 ~]# Cumprimentos, Domingos Varela Tel. +244 923 229 330 | Luanda - Angola Domingos Varela mailto:sousa.var...@gmail.com>> escreveu no dia sexta, 14/02/2020 à(s) 13:34: Hi Jake, thanks for your response, the answer below. Regards Cumprimentos, Domingos Varela Tel. +244 923 229 330 | Luan

Re: [PacketFence-users] Fwd: Upgrade 9.1 to 9.3

Domingos: I happy to try and help, but we will need more info. Lets start with your log files. When you try to start the PF services what do the logs say? You can put your log file on pastebin and link it here. If you did the upgrade, did you also do the database schema upgrade? Jake

[PacketFence-users] Pending changes to MS LDAP

Can anyone tell me if the pending changes to LDAP Microsoft announced are going to effect packetfence. Source: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023 We have out PF cluster using our AD servers as an authentication source. Will I need to set the LDAP

[PacketFence-users] Maintenance patches

Inverse peeps! I like getting the notifications about available maintenance patches, but is there a place where I can go to read the patch release notes? Thank you in advance. Jake Sallee Godfather of Bandwidth System Engineer and Security Specialist University of Mary Hardin-Baylor

Re: [PacketFence-users] Upgrade path from PacketFence 3.5.0 to current

I have to ask ... why not build a new box or cluster? Upgrading that many versions is going to be a challenge. Plus, according to the upgrade doc, you cant upgrade to PF7 or beyond running CentOS 6 or Debian Wheezy. So ... a rebuild may be your only option. Jake Sallee Godfather of Bandwidth

[PacketFence-users] Unable to perform RADIUS Disconnect-Request

Hello all! BG Info: New cluster install v9.2 Currently doing pre-production tests Xirrus APs RADIUS Deauth Routed mode I have run into an issue where my wireless clients are not getting disconnected correctly. Here is the snip from the log: ===

Re: [PacketFence-users] packetfence clustered environment

Forgive me for butting in, but do you have a specific reason for using an inline deployment? IMHO a routed / vlan deployment is better. Obviously, if you have a reason why you want to use an inline deployment you can ignore me : ) Jake Sallee Godfather of Bandwidth System Engineer and

Re: [PacketFence-users] Raspberry Pi and Packetfence

Running PF on a Pi sounds interesting … what use case are you going for? Jake Sallee Godfather of Bandwidth System Engineer and Security Specialist University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 From: Zacharry Williams

Re: [PacketFence-users] NAC bypass

resses? > On May 23, 2019, at 1:21 PM, Sallee, Jake via PacketFence-users > wrote: > > Max: > > This strikes me as an uninformed opinion. > > While a lot of tools don't speak IPv6, very little of the world runs IPv6 ... > even though its over a decade old. Most IPv6 pr

Re: [PacketFence-users] NAC bypass

Max: This strikes me as an uninformed opinion. While a lot of tools don't speak IPv6, very little of the world runs IPv6 ... even though its over a decade old. Most IPv6 providers run an IPv6to4 gateway and technically all IPv6 traffic will run through a 6to4 gateway somewhere or else they

Re: [PacketFence-users] Packetfence 8.3 - AD source causes Radius go down

... can you post HOW you solved it? That way other who may search the list later can fix their similar issues too. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221

Re: [PacketFence-users] Lab setup without AD

Matt: Others may know better than me, but unless you are authenticating users from other domains you do not needs a realm. In your lab setup the realm will be either local or null if you are not using a user database backend (like AD). In FreeRADIUS land the realm is what you use to determine

Re: [PacketFence-users] Cisco 2960 802.1X and MAB

Where are you at in the process of setting up PF in your environment? The reason I ask is because this will vastly effect exactly what information you need at the moment. >What is needed to be configured in PF? Nothing special, just add a switch as you would normally according to the PF

[PacketFence-users] guest registration problems

All: BG Info: Packetfence v8.1.0 3 node cluster Two issues: 1) When using guest email registration: The link in the email points back to the server that generated the email and NOT the cluster so the link does not work. The link sent in the email points to: NAC-server-1.domain.tld, if I

[PacketFence-users] Setting device role based on computer AD membership or static roles

All: I would like to be able to check if the user's computer is joined to our AD and assign a role based on that membership or not. The issue I am attempting to address is this: Devices which are owned by the university and are used by university employees are assigned one role while personal

[PacketFence-users] 802.1x fall through authentication

All: (INFO: PF 8.1.0 three node cluster) Is it possible to configure fall through authentication with 802.1x? I have two AD realms and I want users to be able to login by providing their user name only (IE: UserName) and not require the full user name (IE: usern...@domain.tld). I have added

Re: [PacketFence-users] Problem to join my AD : client not found in kerberos database.

Was PF previously joined to AD? If so you may have some residual entries in your AD which need to be removed. also, what is in the logfile? Check out page 45 in the install guide. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College

Re: [PacketFence-users] Haproxy will always crash after a few hours

Thomas. On 04/07/2018 02:37, Sallee, Jake via PacketFence-users wrote: > Fabrice: > > I'm more than happy to give you access. > > I'm in the office tonight, but ... don't tell anyone ... since tomorrow is my > country's birthday (kinda) I will be celebrati

Re: [PacketFence-users] Haproxy will always crash after a few hours

=30MOxIo3uwuouni3FahWSIniOg_NUk6kGwM2svxdsEg=) Jake if you want, let me give an access to your setup and i will upgrade the haproxy version and adapt the code to see if it fix the issue. Regards Fabrice Le 2018-07-03 à 14:47, Sallee, Jake via PacketFence-users a écrit : > Yes I am, here is what I am see

Re: [PacketFence-users] Log spamming

From: Nicolas Quiniou-Briand via PacketFence-users Sent: Tuesday, July 3, 2018 3:02 PM To: packetfence-users@lists.sourceforge.net Cc: Nicolas Quiniou-Briand Subject: Re: [PacketFence-users] Log spamming Hello Jake, On 2018-07-03 11:52 AM, Sallee, Jake via PacketFence

Re: [PacketFence-users] Log spamming

System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 From: Sallee, Jake via PacketFence-users Sent: Tuesday, July 3, 2018 10:52 AM To: packetfence Cc: Sallee, Jake Subject

Re: [PacketFence-users] Haproxy will always crash after a few hours

see if the same type of errors are registered in the log files I've mentioned? Em ter, 3 de jul de 2018 12:56, Sallee, Jake via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> escreveu: Sorry to butt in, but I wanted to say I think I am having the same issue. haproxy

Re: [PacketFence-users] Haproxy will always crash after a few hours

Sorry to butt in, but I wanted to say I think I am having the same issue. haproxy seems to crash after a few hours, but only on one of the servers in my cluster. Is there any test or logs I can provide to assist in the troubleshooting process? Jake Sallee Godfather of Bandwidth System

[PacketFence-users] Log spamming

All: my /var/log/messages file is getting spammed with several lines per second of the following: Jul 3 10:49:07 NAC-PFv8-02 /usr/local/pf/bin/pfdhcp[30276]: t=2018-07-03T10:49:07-0500 lvl=info msg="Setting log level to INFO" Jul 3 10:49:07 NAC-PFv8-02 /usr/local/pf/bin/pfdhcp[30276]:

[PacketFence-users] 802.1x auto de-register

All: How can I disable the feature that automatically de-registers an endpoint when they de-associate with an 802.1x SSID? I want them to be auto-registered when the associate, but when they drop off I want them to stay registered. In my environment we are setting up two SSIDs, one

Re: [PacketFence-users] Autoregistering thousand of Chromebooks

Fone: 254-295-4658 Phax: 254-295-4221 From: Steve Pfister via PacketFence-users Sent: Friday, June 29, 2018 8:59 AM To: Sallee, Jake via PacketFence-users Cc: Steve Pfister Subject: Re: [PacketFence-users] Autoregistering thousand of Chromebooks Actually

Re: [PacketFence-users] Autoregistering thousand of Chromebooks

ing any MAC filtering at all. It will let anyone at all in. Does MAC filtering really not do anything? On 6/25/2018 5:55 PM, Sallee, Jake via PacketFence-users wrote: > Do you have a test area you can use? > > PF has a mode you can use on your switch / AP that will auto-register any > de

Re: [PacketFence-users] Autoregistering thousand of Chromebooks

Do you have a test area you can use? PF has a mode you can use on your switch / AP that will auto-register any device you plugin / associate to that device. If you set up a switch or AP in PF and set its mode to registration it will do what you want. Where you set the role for the

[PacketFence-users] 802.1x confiuration instructions

All: The instructions for configuring 802.1x in the install guide are fine for testing but not really for a production install. Are there any instructions on configuring a production 802.1x deployment? I understand inverse can't talk about all the hundreds of different vendors, but it would

Re: [PacketFence-users] Replacing snake oil certs with production certs.

, hopefully someone else can learn from my mistake. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 From: Sallee, Jake via PacketFence

[PacketFence-users] Replacing snake oil certs with production certs.

All: This is a new PFv8.0.1 3 node cluster install. Are there any instructions for installing new production certs on the PF servers in a cluster? I have a new cert that I am trying to install but when I do the httpd services fail to restart. I'm thinking the certs need to be processed into

[PacketFence-users] Cannot Remove Node Role

Gents: I am testing my new 8.0.1 cluster, I added a test role called you guessed it, test. I would like to remove the role now, but I cannot. How does one go about removing or renaming a node role in PFv8? Jake Sallee Godfather of Bandwidth System Engineer University of Mary

[PacketFence-users] Maintenance Patch Install Instructions for Clusters

I can't find any official documentation on how to install the available maintenance patches for PF, especially in an active/active cluster. Anyone have some pointers? Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas

Re: [PacketFence-users] New PF install trouble joining child domain

have more information. Change the file https://github.com/inverse-inc/packetfence/blob/devel/addons/AD/smb.tt and add : log level = 3 Regards Fabrice Le 2018-05-31 à 09:20, Sallee, Jake via PacketFence-users a écrit : > All: > > I'm setting up a new PFv8.1 cluster and I am at the poin

[PacketFence-users] New PF install trouble joining child domain

All: I'm setting up a new PFv8.1 cluster and I am at the point where I am joining the individual servers to the domains we have. The main / parent domain join went perfectly, but I am unable to join the child domain. Here is the error : Failed to join domain: Failed to set machine spn:

Re: [PacketFence-users] Clustering-nodes rebooted

Rebooting all nodes at once is ... less than desirable : ) What is the error you are getting in your maraidb logs? Also, look here: http://galeracluster.com/documentation-webpages/monitoringthecluster.html and here http://galeracluster.com/documentation-webpages/troubleshooting.html

Re: [PacketFence-users] Question about device-registration page

All: Forgive me for jumping in here but I wanted to put in my $.02. Generally the user's role is how you assign the user's level of network access. If you give the user a way to self assign a role you will need to find a way to verify that user has the necessary rights to that role. Guests

Re: [PacketFence-users] PacketFence FreeRADIUS only configuration

Matt: To elaborate on Fabrice's statements jut a bit: The RADIUS portion of PF can be thought of as just the mechanism PF uses to talk to the controllers / APs / Switches. All the logic of who and what devices get what role is defined in PF and those roles should correspond with some type

Re: [PacketFence-users] HP 1920 (JG1920-14G) support ?

According to HPs documentation the switch supports MAC auth and 802.1x https://www.hpe.com/h20195/v2/GetPDF.aspx/c04394247.pdf Have you tried using those? Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: