date:20160915

[PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Jason 'XenoPhage' Frisvold

Hi!

I'm trying to set up the Fingerbank config on our packetfence instance,
but I'm running into a problem.  I've registered on the website as
requested and obtained my key.  However, when I add the key to
packetfence and click onboard, it submits as expected and reloads the
page with no key listed.  And the rest of the fingerbank functionality
informs me that fingerbank isn't configured.

Is there some trick I'm missing here, or have I run into a bug?

Thanks,

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law



signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Antoine Amacher


Hello Jason,

This is a bug: https://github.com/inverse-inc/packetfence/issues/1519
You would need to update your fingerbank package to a version superior 
of 2.2.0.

You can verify with: rpm -qa | grep fingerbank

In case you want a manual fix with no update package you can edit the 
file /usr/local/fingerbank/conf/fingerbank.conf and add the following 
inside:


[upstream]
api_key=YOUR API KEY

Thanks

On 09/15/2016 11:35 AM, Jason 'XenoPhage' Frisvold wrote:

Hi!

I'm trying to set up the Fingerbank config on our packetfence instance,
but I'm running into a problem.  I've registered on the website as
requested and obtained my key.  However, when I add the key to
packetfence and click onboard, it submits as expected and reloads the
page with no key listed.  And the rest of the fingerbank functionality
informs me that fingerbank isn't configured.

Is there some trick I'm missing here, or have I run into a bug?

Thanks,



--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Jason 'XenoPhage' Frisvold

On 9/15/16 11:53, Antoine Amacher wrote:
> Hello Jason,
> 
> This is a bug: https://github.com/inverse-inc/packetfence/issues/1519
> You would need to update your fingerbank package to a version superior
> of 2.2.0.
> You can verify with: rpm -qa | grep fingerbank

Hrm...

[root@packetfence0 logs]# rpm -qa | grep fingerbank
fingerbank-2.3.1-1.1.noarch

> In case you want a manual fix with no update package you can edit the
> file /usr/local/fingerbank/conf/fingerbank.conf and add the following
> inside:
> 
> [upstream]
> api_key=YOUR API KEY

That worked, but when I try to save the settings afterwards, I get an
error that it can't write to the fingerbank.conf file..  That file seems
to be owned by fingerbank :

-rw-rw-r--. 1 fingerbank fingerbank 60 Sep 15 12:05
/usr/local/fingerbank/conf/fingerbank.conf

I don't see anything running as fingerbank, and it doesn't look like
there are any other users in the fingerbank group..  perhaps that's the
issue?

Additionally, when I try to hit other links, I'm getting an error that
the server isn't running..  Is that something I need to explicitly start?

Thanks,

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly big it is. I mean, you may think it’s
a long way down the road to the chemist’s, but that’s just peanuts to
space.”
- The Hitchhikers Guide to the Galaxy



signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] OMAPI errors in pf log

2016-09-15 Thread James Rouzier

You can disable the OMAPI lookup in pf.conf

[omapi]
ip2mac_lookup=disabled


/usr/bin/pf/bin/pfcmd configreload



James Rouzier
jrouz...@inverse.ca :: +1.514.447.4918 (x115)  ::  http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)

On 2016-09-15 10:52 AM, Sallee, Jake wrote:
> PF version 5.6.1
>
> I'm getting some interesting errors in my packetfence.log:
>
> Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:c0:ce:cd:e7:d6:47] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:e8:61:7e:54:fe:5f] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:e8:61:7e:54:fe:5f] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:28:f0:76:00:1a:46] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:28:f0:76:00:1a:46] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:24:a0:74:0c:90:e9] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:24:a0:74:0c:90:e9] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:bc:6c:21:22:23:4d] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:bc:6c:21:22:23:4d] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:31 httpd.aaa(23024) ERROR: [mac:a8:66:7f:c6:7c:13] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:31 httpd.aaa(23024) ERROR: [mac:a8:66:7f:c6:7c:13] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:32 httpd.aaa(23024) ERROR: [mac:6c:40:08:63:a6:b9] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:32 httpd.aaa(23024) ERROR: [mac:6c:40:08:63:a6:b9] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:33 httpd.aaa(23024) ERROR: [mac:fc:c2:de:ec:d3:b5] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:33 httpd.aaa(23024) ERROR: [mac:fc:c2:de:ec:d3:b5] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:34 httpd.aaa(23024) ERROR: [mac:0c:77:1a:ab:83:f9] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:34 httpd.aaa(23024) ERROR: [mac:0c:77:1a:ab:83:f9] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
> Sep 15 09:42:36 httpd.aaa(23024) ERROR: [mac:2c:be:08:d4:15:4d] Timeout while 
> reading from the OMAPI socket (pf::OMAPI::validate_reply)
> Sep 15 09:42:36 httpd.aaa(23024) ERROR: [mac:2c:be:08:d4:15:4d] Use of 
> uninitialized value $received_startup_message in unpack at 
> /usr/local/pf/lib/pf/OMAPI.pm line 241.
>
>
> Some research showed it is related to DHCPD and indeed bouncing the service 
> does seem to solve the issue for a while but the issue returns.
>
> We are not using the PF box for any DHCP functions (other than PF listening 
> to DHCP for the location logs).
>
> Are the errors anything I should worry about?  If so, how do I fix them?
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Jason 'XenoPhage' Frisvold

On 9/9/16 16:58, Louis Munro wrote:
> Yes, it automatically registers the devices with the credentials sent in
> the 802.1x authentication itself.

Excellent, that resolved the issue.

Jog my memory a bit, please..  I should be using a helper-address on
each router interface to push dhcp requests to packatfence so that
pfdhcplistener can see them and act accordingly, right?  ie, this is how
the users current IP ends up in the logs.  And the helper-address should
point at the management interface of packetfence?

Are there any configuration options I need to set within packetfence so
that it knows what networks to be on the lookout for, or will it accept
everything?

> You should probably create two portal profiles.
> One that matches your 802.1x network, and one that doesn't.
> Only apply the "autoregister" option to the 802.1x profile.
> 
> Profiles can be assigned based on criteria such as SSID, connection
> type, switch (controller) etc.
> It should be possible to have a portal that only matches your dot1x traffic.

Hrm..  I'll have to dig into this.  I guess what we would want is one
portal to handle the 802.1x traffic and one to handle everything else..
So we should use the connection type for that?  Wireless is probably a
little easier since we can specify an SSID for guest access, but I can't
really do that on wired..  Not that I expect much guest access there.

> Regards,
> --
> Louis Munro
> lmu...@inverse.ca   ::  www.inverse.ca
>  
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu )
> and PacketFence (www.packetfence.org )
> 
> 
> 
> --
> 
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly big it is. I mean, you may think it’s
a long way down the road to the chemist’s, but that’s just peanuts to
space.”
- The Hitchhikers Guide to the Galaxy

signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] OMAPI errors in pf log

2016-09-15 Thread Torry, Andrew

If you want to use the 'Parking' feature then disabling OMAPI will break it.

I have had to tweak the lib/pf/dhcp/processor.pm file so that the DHCP listener 
process
injects/updates OMAPI entries when a DHCP ACK is received.
This enables the OMAPI lookups to work and they will be in synch with reality 
even when the PF server
is not running as the DHCP server and 'Parking' works even when DHCP is not 
running on
the (remote) Registration VLAN.

Andrew



-
 Falmouth University
-

-Original Message-
From: Sallee, Jake [mailto:jake.sal...@umhb.edu]
Sent: 15 September 2016 15:52
To: packetfence
Subject: [PacketFence-users] OMAPI errors in pf log

PF version 5.6.1

I'm getting some interesting errors in my packetfence.log:

Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:c0:ce:cd:e7:d6:47] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:e8:61:7e:54:fe:5f] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:e8:61:7e:54:fe:5f] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:28:f0:76:00:1a:46] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:28:f0:76:00:1a:46] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:24:a0:74:0c:90:e9] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:24:a0:74:0c:90:e9] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:bc:6c:21:22:23:4d] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:bc:6c:21:22:23:4d] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:31 httpd.aaa(23024) ERROR: [mac:a8:66:7f:c6:7c:13] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:31 httpd.aaa(23024) ERROR: [mac:a8:66:7f:c6:7c:13] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:32 httpd.aaa(23024) ERROR: [mac:6c:40:08:63:a6:b9] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:32 httpd.aaa(23024) ERROR: [mac:6c:40:08:63:a6:b9] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:33 httpd.aaa(23024) ERROR: [mac:fc:c2:de:ec:d3:b5] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:33 httpd.aaa(23024) ERROR: [mac:fc:c2:de:ec:d3:b5] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:34 httpd.aaa(23024) ERROR: [mac:0c:77:1a:ab:83:f9] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:34 httpd.aaa(23024) ERROR: [mac:0c:77:1a:ab:83:f9] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:36 httpd.aaa(23024) ERROR: [mac:2c:be:08:d4:15:4d] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:36 httpd.aaa(23024) ERROR: [mac:2c:be:08:d4:15:4d] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.


Some research showed it is related to DHCPD and indeed bouncing the service 
does seem to solve the issue for a while but the issue returns.

We are not using the PF box for any DHCP functions (other than PF listening to 
DHCP for the location logs).

Are the errors anything I should worry about?  If so, how do I fix them?

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Antoine Amacher


The permissions on Fingerbank config file are the one expected.

You could always run: "/usr/local/pf/bin/pfcmd fixpermissions" to ensure 
permissions are rights everywhere.


Additionally, when I try to hit other links, I'm getting an error that
the server isn't running..  Is that something I need to explicitly start?

Which links? In the Fingerbank section of the admin? You might want to 
have a look into /usr/local/pf/logs/httpd.admin.{log,catalyst,error}, 
you could get the information about the error.


Which version of PacketFence are you running? You could try to run the 
maintenance; "perl /usr/local/pf/addons/pf-maint.pl".


Let us know if that help.

Thanks

On 09/15/2016 12:09 PM, Jason 'XenoPhage' Frisvold wrote:

On 9/15/16 11:53, Antoine Amacher wrote:

Hello Jason,

This is a bug: https://github.com/inverse-inc/packetfence/issues/1519
You would need to update your fingerbank package to a version superior
of 2.2.0.
You can verify with: rpm -qa | grep fingerbank

Hrm...

[root@packetfence0 logs]# rpm -qa | grep fingerbank
fingerbank-2.3.1-1.1.noarch


In case you want a manual fix with no update package you can edit the
file /usr/local/fingerbank/conf/fingerbank.conf and add the following
inside:

[upstream]
api_key=YOUR API KEY

That worked, but when I try to save the settings afterwards, I get an
error that it can't write to the fingerbank.conf file..  That file seems
to be owned by fingerbank :

-rw-rw-r--. 1 fingerbank fingerbank 60 Sep 15 12:05
/usr/local/fingerbank/conf/fingerbank.conf

I don't see anything running as fingerbank, and it doesn't look like
there are any other users in the fingerbank group..  perhaps that's the
issue?

Additionally, when I try to hit other links, I'm getting an error that
the server isn't running..  Is that something I need to explicitly start?

Thanks,



--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] OMAPI errors in pf log

2016-09-15 Thread Sallee, Jake

PF version 5.6.1

I'm getting some interesting errors in my packetfence.log:

Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:c0:ce:cd:e7:d6:47] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:e8:61:7e:54:fe:5f] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:27 httpd.aaa(23024) ERROR: [mac:e8:61:7e:54:fe:5f] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:28:f0:76:00:1a:46] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:28:f0:76:00:1a:46] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:24:a0:74:0c:90:e9] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:24:a0:74:0c:90:e9] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:bc:6c:21:22:23:4d] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:30 httpd.aaa(23024) ERROR: [mac:bc:6c:21:22:23:4d] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:31 httpd.aaa(23024) ERROR: [mac:a8:66:7f:c6:7c:13] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:31 httpd.aaa(23024) ERROR: [mac:a8:66:7f:c6:7c:13] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:32 httpd.aaa(23024) ERROR: [mac:6c:40:08:63:a6:b9] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:32 httpd.aaa(23024) ERROR: [mac:6c:40:08:63:a6:b9] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:33 httpd.aaa(23024) ERROR: [mac:fc:c2:de:ec:d3:b5] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:33 httpd.aaa(23024) ERROR: [mac:fc:c2:de:ec:d3:b5] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:34 httpd.aaa(23024) ERROR: [mac:0c:77:1a:ab:83:f9] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:34 httpd.aaa(23024) ERROR: [mac:0c:77:1a:ab:83:f9] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.
Sep 15 09:42:36 httpd.aaa(23024) ERROR: [mac:2c:be:08:d4:15:4d] Timeout while 
reading from the OMAPI socket (pf::OMAPI::validate_reply)
Sep 15 09:42:36 httpd.aaa(23024) ERROR: [mac:2c:be:08:d4:15:4d] Use of 
uninitialized value $received_startup_message in unpack at 
/usr/local/pf/lib/pf/OMAPI.pm line 241.


Some research showed it is related to DHCPD and indeed bouncing the service 
does seem to solve the issue for a while but the issue returns.

We are not using the PF box for any DHCP functions (other than PF listening to 
DHCP for the location logs).

Are the errors anything I should worry about?  If so, how do I fix them?

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Auditing Page shows wrong Created_at dates

2016-09-15 Thread Holger.Patzelt

Hi Folks,

in our installation (ZEN 6.2.1) the Auditing Page shows the "created_at" times 
wrong.
Could it be, that the page tries to interpret already converted times?
The Times on the Nodes Page (if you enable Registration Date Column eg.) seem 
to be right.
(The switches use ntp as the packetfence Server does, too.)

Any ideas??

Bye,
Holger
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Louis Munro


> On Sep 15, 2016, at 11:27 AM, Jason 'XenoPhage' Frisvold 
>  wrote:
> 
> Jog my memory a bit, please..  I should be using a helper-address on
> each router interface to push dhcp requests to packatfence so that
> pfdhcplistener can see them and act accordingly, right?  ie, this is how
> the users current IP ends up in the logs.  And the helper-address should
> point at the management interface of packetfence?
> 

Correct, except if you have routed isolation and registration networks.
DHCP relays for those should point to the PF interface for each.


> Are there any configuration options I need to set within packetfence so
> that it knows what networks to be on the lookout for, or will it accept
> everything?

The only networks it need to know anything specific about are the isolation and 
registration networks.
It needs to know their subnets and a few more details if they are not layer 2 
connected to your PF server such as the "next_hop" between the PF interfaces 
and these networks.

See this for a better explanation: 
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_routed_networks
 




> 
>> 
>> Profiles can be assigned based on criteria such as SSID, connection
>> type, switch (controller) etc.
>> It should be possible to have a portal that only matches your dot1x traffic.
> 
> Hrm..  I'll have to dig into this.  I guess what we would want is one
> portal to handle the 802.1x traffic and one to handle everything else..
> So we should use the connection type for that?  Wireless is probably a
> little easier since we can specify an SSID for guest access, but I can't
> really do that on wired..  Not that I expect much guest access there.



You can even define profiles that match combinations of things.
E.g connection type & SSID.

Connection type can also be wired vs wireless.

It's pretty flexible.
You should be able to narrow down to exactly what you want.

Try it, you'll like it!

Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Jason 'XenoPhage' Frisvold

On 9/15/16 12:56, Antoine Amacher wrote:
> The permissions on Fingerbank config file are the one expected.
> 
> You could always run: "/usr/local/pf/bin/pfcmd fixpermissions" to ensure
> permissions are rights everywhere.
> 
> Additionally, when I try to hit other links, I'm getting an error that
> the server isn't running..  Is that something I need to explicitly start?
> 
> Which links? In the Fingerbank section of the admin? You might want to
> have a look into /usr/local/pf/logs/httpd.admin.{log,catalyst,error},
> you could get the information about the error.
> 
> Which version of PacketFence are you running? You could try to run the
> maintenance; "perl /usr/local/pf/addons/pf-maint.pl".
> 
> Let us know if that help.

Ok, tried both and restarted packetfence when I was done..  Still
getting the error :

" Error! An error occured while contacting the server. Please try again
later. "

And here's what I'm seeing in the http.admin.* logs :

==> logs/httpd.admin.error <==
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in numeric le
(<=) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in subtraction
(-) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in numeric le
(<=) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in subtraction
(-) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.

==> logs/httpd.admin.log <==
Sep 15 14:53:28 httpd.admin(710) ERROR: Cannot read from 'Combination'
table in schema 'Local'. Cannot search
(pfappserver::Base::Model::Fingerbank::readAll)
Sep 15 14:53:28 httpd.admin(710) ERROR: Cannot read from 'Combination'
table in schema 'Local'. Cannot search
(pfappserver::PacketFence::Controller::Root::end)

So it looks like there's no database table for this?  I did try to run
all of the updates as well.

And if I try to save from the settings page, I see this :

==> logs/httpd.admin.error <==
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in
substitution (s///) at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm
line 35.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value $type in
string eq at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm
line 48.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in string eq
at /usr/local/fingerbank/lib/fingerbank/Config.pm line 191.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in
concatenation (.) or string at
/usr/local/fingerbank/lib/fingerbank/Config.pm line 194.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in string eq
at /usr/local/fingerbank/lib/fingerbank/Config.pm line 191.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in
concatenation (.) or string at
/usr/local/fingerbank/lib/fingerbank/Config.pm line 194.

> Thanks

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law



signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] MySQL has gone away?

2016-09-15 Thread Jason 'XenoPhage' Frisvold

More errors..  I'm a little stumped on this one as there's no load on
the server (still in testing), and tons of resources available..  But,
when I try to save something I see this in the pfconfig log :

==> logs/pfconfig.log <==
Sep 15 15:03:05 pfconfig(5184) ERROR: DBD::mysql::st execute failed:
MySQL server has gone away at
/usr/local/pf/lib/pfconfig/backend/mysql.pm line 84, <$socket> line 1.

Sep 15 15:03:05 pfconfig(5184) ERROR: Couldn't select from table. Error
: DBD::mysql::st execute failed: MySQL server has gone away at
/usr/local/pf/lib/pfconfig/backend/mysql.pm line 84, <$socket> line 1.

The only MySQL tuning I've done is what's recommended in the admin
guide.  But with zero load, this should hardly be necessary ...

The one primary piece that bothers me here is the inclusion of $socket
in there..  I know mysql is up and running, I've checked on it a dozen
times now..  And clearly other pieces of packetfence are working...  So
is this some sort of bug, or ..  ???

I'm running the latest packages available in the packetfence repo, plus
I've applied the latest patches via the addons/pf-maint.pl script..

Thoughts?

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly big it is. I mean, you may think it’s
a long way down the road to the chemist’s, but that’s just peanuts to
space.”
- The Hitchhikers Guide to the Galaxy



signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Jason 'XenoPhage' Frisvold

On 9/15/16 13:25, Louis Munro wrote:
> Correct, except if you have routed isolation and registration networks.
> DHCP relays for those should point to the PF interface for each.

Hrm...  pfdhcplistener only seems to be listening on localhost..

[root@packetfence0 pf]# netstat -anptu | grep dhcp
tcp0  0 0.0.0.0:79110.0.0.0:*
LISTEN  862/dhcpd
udp0  0 127.0.0.1:56378 127.0.0.1:8125
ESTABLISHED 833/pfdhcplistener_
udp0  0 0.0.0.0:67  0.0.0.0:*
   862/dhcpd
udp0  0 0.0.0.0:92610.0.0.0:*
   862/dhcpd
udp0  0 127.0.0.1:60498 127.0.0.1:8125
ESTABLISHED 829/pfdhcplistener_
udp0  0 127.0.0.1:54655 127.0.0.1:8125
ESTABLISHED 837/pfdhcplistener_
udp6   0  0 :::50204:::*
   862/dhcpd

Am I missing something somewhere?

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law



signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Louis Munro


> On Sep 15, 2016, at 2:50 PM, Jason 'XenoPhage' Frisvold 
>  wrote:
> 
> Hrm...  pfdhcplistener only seems to be listening on localhost..
> 
> [root@packetfence0 pf]# netstat -anptu | grep dhcp
> tcp0  0 0.0.0.0:79110.0.0.0:*
> LISTEN  862/dhcpd
> udp0  0 127.0.0.1:56378 127.0.0.1:8125
> ESTABLISHED 833/pfdhcplistener_
> udp0  0 0.0.0.0:67  0.0.0.0:*
>   862/dhcpd
> udp0  0 0.0.0.0:92610.0.0.0:*
>   862/dhcpd
> udp0  0 127.0.0.1:60498 127.0.0.1:8125
> ESTABLISHED 829/pfdhcplistener_
> udp0  0 127.0.0.1:54655 127.0.0.1:8125
> ESTABLISHED 837/pfdhcplistener_
> udp6   0  0 :::50204:::*
>   862/dhcpd
> 
> Am I missing something somewhere?
> 

pfdhcplistener is actually a fancy wrapper around lipcap.

I am not sure how that gets reported by netstat since it does not open a socket.

What does ps -ef | grep pfdhcplistener reports?


--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Jason 'XenoPhage' Frisvold

On 9/15/16 14:56, Louis Munro wrote:
> pfdhcplistener is actually a fancy wrapper around lipcap.
> 
> I am not sure how that gets reported by netstat since it does not open a
> socket.

Hrm.. not sure what that would look like either..  I guess if it's using
libpcap that likely means the port is in promiscuous mode..  tcpdump
doesn't show up on netstat, so this likely won't either.

I have tried tcpdump on the management interface, though, to see if I'm
getting dhcp traffic...  And I'm not seeing anything, which I find a tad
odd ...  But, I think the issue is on the Cisco side..  I'm betting that
if you have the cisco router handing out DHCP you can't also have an ip
helper-address..  I can see from debug output on the router that it's
just not forwarding the traffic, so...

Damn.. this means I need to build a dhcp server...  earlier than I
wanted to..  More work, more work.

Do I lose any major features beyond logging if I don't have the dhcp
requests forwarded?

> What does ps -ef | grep pfdhcplistener reports?

[root@packetfence0 pf]# ps -ef | grep dhcpli
root  1821  1813  0 15:21 ?00:00:00 pfqueue -
Queue:pfdhcplistener
root  1822  1813  0 15:21 ?00:00:00 pfqueue -
Queue:pfdhcplistener
root  1823  1813  0 15:21 ?00:00:00 pfqueue -
Queue:pfdhcplistener
root  1824  1813  0 15:21 ?00:00:00 pfqueue -
Queue:pfdhcplistener
root  1837 1  0 15:21 ?00:00:00 pfdhcplistener_ens6
root  1841 1  0 15:21 ?00:00:00 pfdhcplistener_ens7
root  1845 1  0 15:21 ?00:00:00 pfdhcplistener_ens3

> --
> Louis Munro

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly big it is. I mean, you may think it’s
a long way down the road to the chemist’s, but that’s just peanuts to
space.”
- The Hitchhikers Guide to the Galaxy

signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Jason 'XenoPhage' Frisvold

On 9/15/16 16:33, Antoine Amacher wrote:
> Jason,
> 
> You can check your fingerbank local db:
> 
> sqlite3 /usr/local/fingerbank/db/fingerbank_Local.db
> .schema
> 
> If the result is not promising you can re-instantiate your local db by
> doing:
> make init-db-local
> (from the folder /usr/local/fingerbank/)
> 
> Let us know if that's help.

Schema looks just fine to me..  There's nothing in the combination
table, but it's there.

I'm trying to dig through the code a bit to understand what's going on
..  Trying to unravel things.  It's been a while since I did OO Perl
though..  :P

> Thanks

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools."
- The Hitchhikers Guide to the Galaxy



signature.asc
Description: OpenPGP digital signature
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Fingerbank API key not working

2016-09-15 Thread Antoine Amacher


Jason,

You can check your fingerbank local db:

sqlite3 /usr/local/fingerbank/db/fingerbank_Local.db
.schema

If the result is not promising you can re-instantiate your local db by 
doing:

make init-db-local
(from the folder /usr/local/fingerbank/)

Let us know if that's help.

Thanks

On 09/15/2016 02:58 PM, Jason 'XenoPhage' Frisvold wrote:

On 9/15/16 12:56, Antoine Amacher wrote:

The permissions on Fingerbank config file are the one expected.

You could always run: "/usr/local/pf/bin/pfcmd fixpermissions" to ensure
permissions are rights everywhere.

Additionally, when I try to hit other links, I'm getting an error that
the server isn't running..  Is that something I need to explicitly start?

Which links? In the Fingerbank section of the admin? You might want to
have a look into /usr/local/pf/logs/httpd.admin.{log,catalyst,error},
you could get the information about the error.

Which version of PacketFence are you running? You could try to run the
maintenance; "perl /usr/local/pf/addons/pf-maint.pl".

Let us know if that help.

Ok, tried both and restarted packetfence when I was done..  Still
getting the error :

" Error! An error occured while contacting the server. Please try again
later. "

And here's what I'm seeing in the http.admin.* logs :

==> logs/httpd.admin.error <==
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in numeric le
(<=) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in subtraction
(-) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in numeric le
(<=) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.
[Thu Sep 15 14:53:28 2016] -e: Argument "" isn't numeric in subtraction
(-) at /usr/local/pf/html/pfappserver/root/macros.inc line 25.

==> logs/httpd.admin.log <==
Sep 15 14:53:28 httpd.admin(710) ERROR: Cannot read from 'Combination'
table in schema 'Local'. Cannot search
(pfappserver::Base::Model::Fingerbank::readAll)
Sep 15 14:53:28 httpd.admin(710) ERROR: Cannot read from 'Combination'
table in schema 'Local'. Cannot search
(pfappserver::PacketFence::Controller::Root::end)

So it looks like there's no database table for this?  I did try to run
all of the updates as well.

And if I try to save from the settings page, I see this :

==> logs/httpd.admin.error <==
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in
substitution (s///) at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm
line 35.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value $type in
string eq at
/usr/local/pf/html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm
line 48.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in string eq
at /usr/local/fingerbank/lib/fingerbank/Config.pm line 191.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in
concatenation (.) or string at
/usr/local/fingerbank/lib/fingerbank/Config.pm line 194.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in string eq
at /usr/local/fingerbank/lib/fingerbank/Config.pm line 191.
[Thu Sep 15 14:54:37 2016] -e: Use of uninitialized value in
concatenation (.) or string at
/usr/local/fingerbank/lib/fingerbank/Config.pm line 194.


Thanks



--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Block port scanning

2016-09-15 Thread Morris, Andi

You could use snort to trigger on signatures related to port scanning and send 
the culprit into the isolation VLAN.

Cheers,
Andi

From: Jonathan Brown [mailto:jbr...@fmcllc.com]
Sent: 14 September 2016 16:27
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Block port scanning

How would I block any host that tries to port scan my network into an isolated 
VLAN?

Sincerely,

Jonathan Brown

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] parking violation bug?

2016-09-15 Thread Morris, Andi

Nobody else has seen this then? I can't work out why my parking violations are 
triggering after such a short period.

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 07 September 2016 12:50
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] parking violation bug?

Hi all,
I've setup parking to trap devices that have been in the setup portal for over 
3600 seconds, however I noticed a huge amount of users were triggering the 
violation. After doing some testing with my own phone I found that this was 
triggering after just 9 minutes.

I can't see how I've set this up wrong, there's not very much to actually setup!

Has anyone else seen this?

Cheers,
Andi
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Fingerbank API key not working

Re: [PacketFence-users] Fingerbank API key not working

Re: [PacketFence-users] Fingerbank API key not working

Re: [PacketFence-users] OMAPI errors in pf log

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Re: [PacketFence-users] OMAPI errors in pf log

Re: [PacketFence-users] Fingerbank API key not working

[PacketFence-users] OMAPI errors in pf log

[PacketFence-users] Auditing Page shows wrong Created_at dates

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Re: [PacketFence-users] Fingerbank API key not working

[PacketFence-users] MySQL has gone away?

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Re: [PacketFence-users] Fingerbank API key not working

Re: [PacketFence-users] Fingerbank API key not working

Re: [PacketFence-users] Block port scanning

Re: [PacketFence-users] parking violation bug?

19 matches

Site Navigation

Mail list logo

Footer information