Hi,
I think you misunderstood the question.
I think he want to disable Mac auth also for registered devices because MAB
could be a security issue and if you have only 802.1x capable devices there
is no need to accept MAB.
If you set the registration vlan to -1 only unregistered devices will be
should be used
5. "Logins remaining" must have a predefined value (we use it to
restrict a guest account to one device per user)
6. Guest-Admin should be redirected directly to the WebForm after
logging in
Tobias
>
> Le 19-02-14 à 10 h 40, Tobias Friede via PacketFence-use
it "User Create" and assign this admin in a
> administration rule (in a source) then log in the admin guy with this
> account.
>
> Regards
>
> Fabrice
>
>
> Le 19-02-13 à 16 h 00, Tobias Friede via PacketFence-users a écrit :
>
> Hi,
>
> sadly the Gues
Hi,
sadly the Guest portals does not exist anymore in PacketFence.
Greetings
Tobias
Am Mi., 13. Feb. 2019 um 11:36 Uhr schrieb Георги Ниношев via
PacketFence-users :
> Hello all,
>
> Since 2 days I'm trying to find how to enable/create the guest accounts
> management/manager in PacketFense.
Hi,
Am Fr., 11. Jan. 2019 um 13:33 Uhr schrieb Carlos Wetli via
PacketFence-users :
> Question:
> - in which case do I have to install PKI on PacketFence ?
>
If you want to use PacketFence PKI as your PKI. You said that you already
have one, so you don't need the integrated PKI.
> - Do I have
for the help!
>
You are welcome :)
------
> *From:* Tobias Friede
> *Sent:* Tuesday, December 11, 2018 12:39:20 AM
> *To:* Anton Castelli
> *Cc:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] VLAN Assignment for MAB clients
I can say that the N2000 Serie from DELL should work pretty well with
PacketFence.
We had tested exactly that switch model with packetfence and solved some
issues together with inverse a few month ago (Support Subscription is
pretty usefull ;) )
The config written in the PacketFence documentation
Hi,
Have a look at the packetfence documentation.
You can implement your own certificates for the radius server.
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_pki_integration
For example we use a Windows Server CA and we deploy the certificates via
Group Policy to our
Hi,
we use USB-C Docks too, but we have only Dell Docks/Notebooks.
The Dell Notebooks have a build in Passthrough MAC which will be used if a
Dell USB-C-Dock is connected to the Notebook.
The Mac Adress is build into the BIOS.
Lenovo has a similar feature:
Hi,
I have the same problem, maybe that behavior is normal?
My Cluster is a PF 7.2 Cluster.
Greetings
Tobias
2017-11-17 16:34 GMT+01:00 Stephen Appleby via PacketFence-users <
packetfence-users@lists.sourceforge.net>:
> I've created a 3 node PF cluster. On one of the nodes DHCP is not listed
Hi,
we use PF 7.2 and have no problems with Node or User cleanup.
Maybe you should have a look at your logs (maybe increase your log level)
2017-09-19 15:08 GMT+02:00 Frederic Hermann via PacketFence-users <
packetfence-users@lists.sourceforge.net>:
>
> > Did you also find the 'regular'
Hi,
>
> I am trying to create guest user for the wireless, but i get errors
>
> 1. From User menu i choose create, but when i choose role as guest i get
> error "you must set an access duration or registration date." or i get you
> must at least set a role mark user as a sponsor or set an access
Hi,
if you use 802.1x, the client doesn't need to reach the active directory.
The whole auth process will handled by your switch.
Are you sure you use 802.1x?
2016-12-26 16:47 GMT+01:00 David Jesus :
> Hello Hermann
>
>
>
> In normal vlan I can get to AD, I can resolve
9 GMT+01:00 Tim DeNike <tim.den...@mcc.edu>:
> Use RADIUS. Way better!
>
> That would be the best way ;)
>
> *From:* Tobias Friede [mailto:t.fri...@gmail.com]
> *Sent:* Wednesday, December 14, 2016 4:02 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Su
Hi,
I think that's not possible because Port Security creates a static entry in
the Mac Table of the switch.
That's how port security is working ;)
You could enable aging. That means if the client is inactive, the mac
adress is removed from the switch port (after a specific time)
=>
I just get I/O errors after mounting the partition Maybe the
Documentation is not up to date?
Greetings
Tobias
On Mon, Dec 12, 2016 at 3:47 PM, Tobias Friede <t.fri...@gmail.com> wrote:
>
>> Hi,
>>
>> nice announcement, thanks for your great work !
>>
&g
Hi,
nice announcement, thanks for your great work !
From: Ludovic Marcotte
>Database Clustering - PacketFence v7 will make use of MariaDB Galera
Cluster. Each PacketFence server will hold a copy of the database and any
>cluster member detaching itself from the clustered
Hi,
ok, I can't solve it by myself, so I have ordered a Support Contract.
I hope Inverse can help me :D
If I get a solution, I will post it here :)
Greetings
Tobias
2016-09-28 9:58 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
> Hi,
>
> today I played a little bit wi
Hi,
hi there
> do somebody have a complete guide how to setup packetfence with cisco
> wlc? The administration guide on packetfence.org is not complete...
Only the "Switch" Configuration example is missing. The WLC Config is ok.
You just have to set:
- IP-Address:
- Controller IP:
-
Hi,
Seems to be a problem with your WiFi infrastructure. It must be possible to
change the VLAN after successfull authentification.
>From which Vendor is your WiFi?
greetings
Tobias
> We are currently experiencing two issues with PacketFence registrations at
> our site:
>
>
>
> 1. No
the
"Internal" VLAN not the registration VLAN :(
Source and Role doesn't change to guest.
Gruß
Tobias
2016-09-27 22:44 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
>
> Hi Antoine,
>
>> There is a reevaluate happening every time a user connect to a SSID
rule with internal users? Is it the "Legacy Source"? When I try
to edit that rule, I get the following message:
"Error! The file is not readable."
Greetings
Tobias
On 09/21/2016 05:46 AM, Tobias Friede wrote:
>
> Hi,
>
> is it possible to reevaluate acces
Hi,
No one with an Idea how to fix my problem?
Or is it better to use two packetfence servers, one for internal
authentification and one for hotspot services?
Greetings
Tobias
2016-09-01 9:20 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
> Hi,
>
> I have the following problem.
Hi,
I have the following problem. I have 2 SSIDs:
Guest and Internal.
The Guest WiFi is OPEN an just secured with a captive page. The
internal is secured wit 802.1x EAP-TLS
If a user connects to the guest wifi and log in with a guest account,
our Aerohive APS and Cisco WLC will move them to the
Germany
Tobias
2016-04-04 21:06 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
> Hi,
>
> since today (after installing snort and doing a reboot) I get this error
> message and can't start PF anymore.
> In the packetfence.log I see the following message:
>
> Apr 04 2
Hi,
since today (after installing snort and doing a reboot) I get this error
message and can't start PF anymore.
In the packetfence.log I see the following message:
Apr 04 21:00:47 pfcmd.pl(2299) INFO: pidof -x p0f returned 15877 15861
(pf::services::manager::pidFromFile)
Apr 04 21:00:47
2016-04-01 14:20 GMT+02:00 Durand fabrice <fdur...@inverse.ca>:
> Hello Tobias,
>
>
> Le 2016-04-01 08:13, Tobias Friede a écrit :
>
> Hi,
>
> PacketFence is working for me now :)
> I use 802.1x Auth via Cisco Radius and I configured it like described in
&g
Hi,
PacketFence is working for me now :)
I use 802.1x Auth via Cisco Radius and I configured it like described in
the device config manual.
Now the client connection is working and I see the client as online in my
node list. But if I detach the client from the switch, the status remains
on
Hi,
I found a solution:
I changed --username=%{mschap:User-Name:-None} to
--username=%{mschap:User-Name}
Now auth is working :)
Greetings
Tobias
2016-03-29 18:42 GMT+02:00 Tobias Friede <t.fri...@gmail.com>:
> --username=%{mschap:User-N
ing
# "retries allowed".
# Be careful setting this to yes. It could allow a device to hog the thread
by never replying.
#
allow_retry = no
# An optional retry message.
#
#retry_msg = "Re-enter (or reset) the password"
}
2016-03-29 16:48 GMT+02:00 Louis Munro <lmu...@inverse.c
Hi,
now I have reinstalled the PF server and configured the AD Auth like
described in the documentation but with no success.
I get the same error message like before.
I have no idea where the mistake is. Maybe there is a bug?
Greetings
Tobias
2016-03-23 16:29 GMT+01:00 Tobias Friede <t.
Hi,
looks a little bit like the problem I have with authentication against an
Active Directory.
The Credentials are correct and I get back an NT-Key, but FreeRadius tells
me: MS-CHAP2-Response is incorrect
Can you try this?
chroot /chroot/CMetDomain ntlm_auth --username=testuser
Hi,
it's very strange, I get different error messages for auth with the correct
password an with a wrong password.
With correct password (ntlm_auth in chroot is working), I get this fail
reason: chrooted_mschap: External script says NT_KEY:
B002F4642C1050FB999F6AF5B3502F9F
With wrong password I
Hi,
yesterday I successfully included our own CA Certificates on PacketFence
(thank you very much for helping me so fast :) )
Know I stuck at the Active Directory Auth (user and machine account)
What I have done:
1) Added an AD Source (sAMAccountName as Username, I also
tried
Hi,
I am pretty new to PacketFence. At this time we use an Cisco ACS for
authenticate our Wireless LAN Clients with ActiveDirectory Machine Accounts
and client certificates from our Windows based CA.
So all of our Clients already have certificates installed via Active
Directory group policy.
35 matches
Mail list logo