Re: [PacketFence-users] Reject node with MAC Authentication

Hi, I think you misunderstood the question. I think he want to disable Mac auth also for registered devices because MAB could be a security issue and if you have only 802.1x capable devices there is no need to accept MAB. If you set the registration vlan to -1 only unregistered devices will be

Re: [PacketFence-users] PF 8.0.3 guest manage portal

should be used 5. "Logins remaining" must have a predefined value (we use it to restrict a guest account to one device per user) 6. Guest-Admin should be redirected directly to the WebForm after logging in Tobias > > Le 19-02-14 à 10 h 40, Tobias Friede via PacketFence-use

Re: [PacketFence-users] PF 8.0.3 guest manage portal

it "User Create" and assign this admin in a > administration rule (in a source) then log in the admin guy with this > account. > > Regards > > Fabrice > > > Le 19-02-13 à 16 h 00, Tobias Friede via PacketFence-users a écrit : > > Hi, > > sadly the Gues

Re: [PacketFence-users] PF 8.0.3 guest manage portal

Hi, sadly the Guest portals does not exist anymore in PacketFence. Greetings Tobias Am Mi., 13. Feb. 2019 um 11:36 Uhr schrieb Георги Ниношев via PacketFence-users : > Hello all, > > Since 2 days I'm trying to find how to enable/create the guest accounts > management/manager in PacketFense.

Re: [PacketFence-users] EAP-TLS authentication

Hi, Am Fr., 11. Jan. 2019 um 13:33 Uhr schrieb Carlos Wetli via PacketFence-users : > Question: > - in which case do I have to install PKI on PacketFence ? > If you want to use PacketFence PKI as your PKI. You said that you already have one, so you don't need the integrated PKI. > - Do I have

Re: [PacketFence-users] VLAN Assignment for MAB clients

for the help! > You are welcome :) ------ > *From:* Tobias Friede > *Sent:* Tuesday, December 11, 2018 12:39:20 AM > *To:* Anton Castelli > *Cc:* packetfence-users@lists.sourceforge.net > *Subject:* Re: [PacketFence-users] VLAN Assignment for MAB clients

Re: [PacketFence-users] VLAN Assignment for MAB clients

I can say that the N2000 Serie from DELL should work pretty well with PacketFence. We had tested exactly that switch model with packetfence and solved some issues together with inverse a few month ago (Support Subscription is pretty usefull ;) ) The config written in the PacketFence documentation

Re: [PacketFence-users] Need advice on server certificates

Hi, Have a look at the packetfence documentation. You can implement your own certificates for the radius server. https://packetfence.org/doc/PacketFence_Installation_Guide.html#_pki_integration For example we use a Windows Server CA and we deploy the certificates via Group Policy to our

Re: [PacketFence-users] USB-C docks and MAB

Hi, we use USB-C Docks too, but we have only Dell Docks/Notebooks. The Dell Notebooks have a build in Passthrough MAC which will be used if a Dell USB-C-Dock is connected to the Notebook. The Mac Adress is build into the BIOS. Lenovo has a similar feature:

Re: [PacketFence-users] DHCP service not listed

Hi, I have the same problem, maybe that behavior is normal? My Cluster is a PF 7.2 Cluster. Greetings Tobias 2017-11-17 16:34 GMT+01:00 Stephen Appleby via PacketFence-users < packetfence-users@lists.sourceforge.net>: > I've created a 3 node PF cluster. On one of the nodes DHCP is not listed

Re: [PacketFence-users] person_cleanup / node_cleanup not doing anything

Hi, we use PF 7.2 and have no problems with Node or User cleanup. Maybe you should have a look at your logs (maybe increase your log level) 2017-09-19 15:08 GMT+02:00 Frederic Hermann via PacketFence-users < packetfence-users@lists.sourceforge.net>: > > > Did you also find the 'regular'

Re: [PacketFence-users] Guest Management

Hi, > > I am trying to create guest user for the wireless, but i get errors > > 1. From User menu i choose create, but when i choose role as guest i get > error "you must set an access duration or registration date." or i get you > must at least set a role mark user as a sponsor or set an access

Re: [PacketFence-users] synchronization AD

Hi, if you use 802.1x, the client doesn't need to reach the active directory. The whole auth process will handled by your switch. Are you sure you use 802.1x? 2016-12-26 16:47 GMT+01:00 David Jesus : > Hello Hermann > > > > In normal vlan I can get to AD, I can resolve

Re: [PacketFence-users] packetfence and cisco switches

9 GMT+01:00 Tim DeNike <tim.den...@mcc.edu>: > Use RADIUS. Way better! > > That would be the best way ;) > > *From:* Tobias Friede [mailto:t.fri...@gmail.com] > *Sent:* Wednesday, December 14, 2016 4:02 PM > *To:* packetfence-users@lists.sourceforge.net > *Su

Re: [PacketFence-users] packetfence and cisco switches

Hi, I think that's not possible because Port Security creates a static entry in the Mac Table of the switch. That's how port security is working ;) You could enable aging. That means if the client is inactive, the mac adress is removed from the switch port (after a specific time) =>

Re: [PacketFence-users] PacketFence v7 - Will clustering be easier?

I just get I/O errors after mounting the partition Maybe the Documentation is not up to date? Greetings Tobias On Mon, Dec 12, 2016 at 3:47 PM, Tobias Friede <t.fri...@gmail.com> wrote: > >> Hi, >> >> nice announcement, thanks for your great work ! >> &g

[PacketFence-users] PacketFence v7 - Will clustering be easier?

Hi, nice announcement, thanks for your great work ! From: Ludovic Marcotte >Database Clustering - PacketFence v7 will make use of MariaDB Galera Cluster. Each PacketFence server will hold a copy of the database and any >cluster member detaching itself from the clustered

Re: [PacketFence-users] Reregister if SSID is changing

Hi, ok, I can't solve it by myself, so I have ordered a Support Contract. I hope Inverse can help me :D If I get a solution, I will post it here :) Greetings Tobias 2016-09-28 9:58 GMT+02:00 Tobias Friede <t.fri...@gmail.com>: > Hi, > > today I played a little bit wi

Re: [PacketFence-users] Packetfence Cisco WLC Radius

Hi, hi there > do somebody have a complete guide how to setup packetfence with cisco > wlc? The administration guide on packetfence.org is not complete... Only the "Switch" Configuration example is missing. The WLC Config is ok. You just have to set: - IP-Address: - Controller IP: -

Re: [PacketFence-users] User registrations always show "unable to connect" and iOS connection issues

Hi, Seems to be a problem with your WiFi infrastructure. It must be possible to change the VLAN after successfull authentification. >From which Vendor is your WiFi? greetings Tobias > We are currently experiencing two issues with PacketFence registrations at > our site: > > > > 1. No

Re: [PacketFence-users] Reregister if SSID is changing

the "Internal" VLAN not the registration VLAN :( Source and Role doesn't change to guest. Gruß Tobias 2016-09-27 22:44 GMT+02:00 Tobias Friede <t.fri...@gmail.com>: > > Hi Antoine, > >> There is a reevaluate happening every time a user connect to a SSID

Re: [PacketFence-users] Reregister if SSID is changing

rule with internal users? Is it the "Legacy Source"? When I try to edit that rule, I get the following message: "Error! The file is not readable." Greetings Tobias On 09/21/2016 05:46 AM, Tobias Friede wrote: > > Hi, > > is it possible to reevaluate acces

Re: [PacketFence-users] Reregister if SSID is changing

Hi, No one with an Idea how to fix my problem? Or is it better to use two packetfence servers, one for internal authentification and one for hotspot services? Greetings Tobias 2016-09-01 9:20 GMT+02:00 Tobias Friede <t.fri...@gmail.com>: > Hi, > > I have the following problem.

[PacketFence-users] Reregister if SSID is changing

Hi, I have the following problem. I have 2 SSIDs: Guest and Internal. The Guest WiFi is OPEN an just secured with a captive page. The internal is secured wit 802.1x EAP-TLS If a user connects to the guest wifi and log in with a guest account, our Aerohive APS and Cisco WLC will move them to the

Re: [PacketFence-users] Insecure dependency in kill while running with -T switch at /usr/local/pf/lib/pf/services/manager.pm line 544.

Germany Tobias 2016-04-04 21:06 GMT+02:00 Tobias Friede <t.fri...@gmail.com>: > Hi, > > since today (after installing snort and doing a reboot) I get this error > message and can't start PF anymore. > In the packetfence.log I see the following message: > > Apr 04 2

[PacketFence-users] Insecure dependency in kill while running with -T switch at /usr/local/pf/lib/pf/services/manager.pm line 544.

Hi, since today (after installing snort and doing a reboot) I get this error message and can't start PF anymore. In the packetfence.log I see the following message: Apr 04 21:00:47 pfcmd.pl(2299) INFO: pidof -x p0f returned 15877 15861 (pf::services::manager::pidFromFile) Apr 04 21:00:47

Re: [PacketFence-users] Refreshing "online state" & Port Description

2016-04-01 14:20 GMT+02:00 Durand fabrice <fdur...@inverse.ca>: > Hello Tobias, > > > Le 2016-04-01 08:13, Tobias Friede a écrit : > > Hi, > > PacketFence is working for me now :) > I use 802.1x Auth via Cisco Radius and I configured it like described in &g

[PacketFence-users] Refreshing "online state" & Port Description

Hi, PacketFence is working for me now :) I use 802.1x Auth via Cisco Radius and I configured it like described in the device config manual. Now the client connection is working and I see the client as online in my node list. But if I detach the client from the switch, the status remains on

Re: [PacketFence-users] ActiveDirectory Auth

Hi, I found a solution: I changed --username=%{mschap:User-Name:-None} to --username=%{mschap:User-Name} Now auth is working :) Greetings Tobias 2016-03-29 18:42 GMT+02:00 Tobias Friede <t.fri...@gmail.com>: > --username=%{mschap:User-N

Re: [PacketFence-users] ActiveDirectory Auth

ing # "retries allowed". # Be careful setting this to yes. It could allow a device to hog the thread by never replying. # allow_retry = no # An optional retry message. # #retry_msg = "Re-enter (or reset) the password" } 2016-03-29 16:48 GMT+02:00 Louis Munro <lmu...@inverse.c

Re: [PacketFence-users] ActiveDirectory Auth

Hi, now I have reinstalled the PF server and configured the AD Auth like described in the documentation but with no success. I get the same error message like before. I have no idea where the mistake is. Maybe there is a bug? Greetings Tobias 2016-03-23 16:29 GMT+01:00 Tobias Friede <t.

Re: [PacketFence-users] mschap rejecting known good user

Hi, looks a little bit like the problem I have with authentication against an Active Directory. The Credentials are correct and I get back an NT-Key, but FreeRadius tells me: MS-CHAP2-Response is incorrect Can you try this? chroot /chroot/CMetDomain ntlm_auth --username=testuser

Re: [PacketFence-users] ActiveDirectory Auth

Hi, it's very strange, I get different error messages for auth with the correct password an with a wrong password. With correct password (ntlm_auth in chroot is working), I get this fail reason: chrooted_mschap: External script says NT_KEY: B002F4642C1050FB999F6AF5B3502F9F With wrong password I

[PacketFence-users] ActiveDirectory Auth

Hi, yesterday I successfully included our own CA Certificates on PacketFence (thank you very much for helping me so fast :) ) Know I stuck at the Active Directory Auth (user and machine account) What I have done: 1) Added an AD Source (sAMAccountName as Username, I also tried

[PacketFence-users] Questions to use an own (Windows Based) CA for client Auth

Hi, I am pretty new to PacketFence. At this time we use an Cisco ACS for authenticate our Wireless LAN Clients with ActiveDirectory Machine Accounts and client certificates from our Windows based CA. So all of our Clients already have certificates installed via Active Directory group policy.