Re: [PacketFence-users] Number of devices to connect to the network

2018-01-22 Thread Durand fabrice via PacketFence-users 

Hello Eugene,

Use adsiedit.msc on the AD in order to have a ldap view of your AD and 
check the exact attribute/values.


On my side i use ldapsearch to fix that sort of issue 
(http://www.vinidox.com/ldap/querying-an-ldap-server-from-the-command-line-with-ldap-utils-ldapsearch-ldapadd-ldapmodify/)


Regards

Fabrice



Le 2018-01-22 à 16:54, E.P. a écrit :


I’m observing a weird behavior while doing it, Fabrice.

I did create a rule that should match for just one condition, i.e. 
memberOf


The user I’m authenticating does belong to Users CN in AD and I can 
authenticate normally, here’s the output of pftest authentication 
it.tech XXX command


But for some reason rules are not matched. I even tried to set the 
condition to distingishedName with value taken from AD


To be like this

What bothers me is that I don’t see any LDAP related details coming 
from AD server while debugging radius and authenticating as it.tech user.


Could it be the source of the problem ?

Eugene

*From:*Durand fabrice [mailto:fdur...@inverse.ca]
*Sent:* Friday, January 19, 2018 6:05 PM
*To:* E.P.; packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Number of devices to connect to the 
network


In your AD authentication source, create a rule that match a staff 
group and assign the staff role and an access duration. (memberof 
equal cn=staff,dc=...)


Regards

Fabrice

Le 2018-01-17 à 01:07, E.P. a écrit :

Great!

That confirms my train of thought. But it is still not clear to me
how will it affect the user that authenticates against AD.

Yes, I have created a new role, called “staff” and yes, I have set
a limit of 2 devices for this role.

Then, the end-user just connects to SSID, authenticates and gets
on the network. How would I assign the user to the “staff” role?

Is this where provisioners come to help ?

Eugene

*From:*Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
*Sent:* Tuesday, January 16, 2018 6:42 AM
*To:* packetfence-users@lists.sourceforge.net

*Cc:* Fabrice Durand
*Subject:* Re: [PacketFence-users] Number of devices to connect to
the network

Hello Eugene,

this is exactly where you have to control that.

So just set a limit on the roles where you want to limit the
number of devices per users.

Regards

Fabrice

Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit :

It sounds close to the number of devices/nodes a user can
register which is configurable under Configuration-Policies
and access control-Roles, but we don’t allow this luxury to
anyone yet. Just regular network admission control based on
the active AD account

*From:*E.P. [mailto:ype...@gmail.com]
*Sent:* Monday, January 15, 2018 10:54 PM
*To:* packetfence-users@lists.sourceforge.net

*Subject:* Number of devices to connect to the network

Guys,

We are still at the early phases of PF deployment and only now
looking into AD based authentication for wireless devices

Is there any way to limit the number of user devices that can
be connected by one user?

Let’s say the user uses his/her laptop and roams around remote
sites where we provide WiFi with WPA2-Enterprise and we also
allow him/her use the phone (iPhone/Android). No more devices
to connect

Eugene






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org!http://sdm.link/slashdot





___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net


https://lists.sourceforge.net/lists/listinfo/packetfence-users




-- 


Fabrice Durand

fdur...@inverse.ca   ::  +1.514.447.4918 (x135) 
::www.inverse.ca 

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Problem with captive portal and ruckus zonedirector

2018-01-22 Thread Durand fabrice via PacketFence-users 

Hello Fabricio,

you are mixing two concepts, inline and hotspot, so you have to choose 
one of them.


If you choose inline then just assign the inline vlan to the ssid 
without any radius config.


If you choose hotspot then assign a production vlan to the ssid with 
radius/hotspot config (cf network admin guide).


Regards

Fabrice



Le 2018-01-22 à 11:13, Fabricio Lorenzon via PacketFence-users a écrit :

Hello, I need help for the problem described below:

I am using packetfence in inline mode to authenticate users of the 
wifi network through the captive portal integrated with Facebook and 
Google in Oauth2 mode.
The packetfence server has a network interface with internet access 
and one configured in inline mode for user access.
The access point (Ruckus) has a wlan in hotspot mode as described in 
the "Network Devices Configuration Guide".
The moment the user connects in the WIFI network is directed is 
directed to the inline interface of packetfence, accesses the captive 
portal and can successfully authenticate using a google or facebook 
account. The problem is that ruckus can not authorize this user's 
access and the WIFI network remains with the message "No internet 
access" and the device remains "unauthorized" in the ruckus 
zonedirector web interface.


Thank's

Fabrício


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: No client IP update in cluster

2018-01-22 Thread Durand fabrice via PacketFence-users 

Hello Luca,


it's also available for Linux: 
https://github.com/inverse-inc/packetfence-dhcp-forwarder/tree/master/dhcp-forwarder 
so you can install it on each cluster's member.



Le 2018-01-22 à 10:34, luca comes via PacketFence-users a écrit :

Hi Fabrice,
I'm using a cluster of ISC DHCPD on CentOS 7 so think I can't use your 
dhcp forwarder. I understand is it only for windows isn't it? Anyway I 
did a test, when the client change role it send a dhcp request to the 
server:


[root@dhcp01 ~]# tail -f /var/log/dhcp/dhcpd.log | grep 00:9c:02:92:ea:b0
Jan 22 12:23:54 dhcp01 dhcpd: DHCPACK to 172.20.251.192 
(00:9c:02:92:ea:b0) via ens160
Jan 22 12:24:00 dhcp01 dhcpd: DHCPREQUEST for 172.20.251.192 from 
00:9c:02:92:ea:b0 (LAB3-NB) via 192.168.167.1: wrong network.
Jan 22 12:24:00 dhcp01 dhcpd: DHCPNAK on 172.20.251.192 to 
00:9c:02:92:ea:b0 via 192.168.167.1
Jan 22 12:24:00 dhcp01 dhcpd: DHCPDISCOVER from 00:9c:02:92:ea:b0 via 
192.168.167.1
Jan 22 12:24:01 dhcp01 dhcpd: DHCPOFFER on 192.168.167.190 to 
00:9c:02:92:ea:b0 (LAB3-NB) via 192.168.167.1
Jan 22 12:24:01 dhcp01 dhcpd: DHCPREQUEST for 192.168.167.190 
(172.27.112.17) from 00:9c:02:92:ea:b0 (LAB3-NB) via 192.168.167.1
Jan 22 12:24:01 dhcp01 dhcpd: DHCPACK on 192.168.167.190 to 
00:9c:02:92:ea:b0 (LAB3-NB) via 192.168.167.1


Instead I can't see any packet on the pfdhcplistener for that MAC 
Address. The strange thing is that it is receiving traffic from the 
DHCP on port 767. At the moment I put an helper address on the switch 
so a copy of the traffic is sent directly to the pfdhcplistener and 
the client IP is updated. It's always showed as offline but I don't 
understand why.
If you didn't install the forwarder , from where do you receive the copy 
of the dhcp traffic on the port 767 ?

Also inline/offline is based on the accounting , not from the dhcp.

Regards
Fabrice



Luca

Inviato da Outlook 


*Da:* Durand fabrice via PacketFence-users 


*Inviato:* sabato 20 gennaio 2018 03:21
*A:* packetfence-users@lists.sourceforge.net
*Cc:* Durand fabrice
*Oggetto:* Re: [PacketFence-users] No client IP update in cluster

Hello Lucas,


first use that instead:

https://github.com/inverse-inc/packetfence-dhcp-forwarder


And there is no listening process on UDP 767 but pfdhcplistener 
capture the traffic on 67/68 and 767.


If you tail pfdhcplistener on the server where the vip is , do you see 
some updates from te hproduction dhcp server ?


Also do a capture on the management interface to see if you receive 
something on the port 767. (tshark -i eth0 -f "port 767")



Regards

Fabrice



Le 2018-01-18 à 09:43, luca comes via PacketFence-users a écrit :

Hi all,
I've migrated my single node infrastructure to a 3 node cluster. At 
the moment I'm testing 802.1x with a Cisco catalyst 2950 and the 
authentication is working fine. I also have in production a wireless 
guest access with sponsor on Cisco WLC taht is working really well. 
Unfortunately I noticed that the client IP address is never updated 
on the nodes page. I have a production DHCP server on the same 
management VLAN with udp_reflector pointing to the new VIP on the 
cluster. With single node the problem wasn't showed and the IP was 
correctly updated after a few seconds. The command I'm using on the 
DHCP server is:


/usr/local/bin/udp_reflector -s pcap2:67 -d 172.27.17.7:767 -b 25000 &

Where 172.27.17.7 is the VIP exposed by the cluster.

I would expect UDP port 767 on PF nodes in listening but they are 
not. Is something missing in my configuration?


Thanks

Luca

Inviato da Outlook 



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 


https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Re: How to bypass authentication when pfservice down ?

2018-01-22 Thread Durand fabrice via PacketFence-users 

Hello Max,

you can do: monit summary

Also have a look in /etc/monit.d

Regards

Fabrice



Le 2018-01-22 à 10:16, Max McGrath a écrit :

Fabrice -

How can I check what my current monit configuration looks like (i.e., 
who it is currently set to send to and which configurations have been 
chosen)?


Thanks!

Max

--
Max McGrath 
Infrastructure and Security Manager
Carthage College
262-551-
mmcgr...@carthage.edu 

On Fri, Jan 19, 2018 at 9:23 PM, Durand fabrice via PacketFence-users 
> wrote:


You can just run monit_build_configuration.pl
 without any argument and you
will see how to use it (really easy).



Le 2018-01-19 à 21:50, Yan a écrit :

Hi Fabrice,

Thank you very much for your reply. I know about switch fall back
and have also tested is and it works good. What I'm concern is
wireless. It seems neither Aruba AC nor Ruckus AC has fall back
mode. So I think I should use the monitor script as you
suggested. But I'm not sure exactly how to use it... Is there any
guide about the scripts in addons ? I found it seems to be very
useful.




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Number of devices to connect to the network

2018-01-22 Thread E.P. via PacketFence-users 
I’m observing a weird behavior while doing it, Fabrice.

I did create a rule that should match for just one condition, i.e. memberOf

 



 

The user I’m authenticating does belong to Users CN in AD and I can
authenticate normally, here’s the output of pftest authentication it.tech
XXX command

 



 

But for some reason rules are not matched. I even tried to set the condition
to distingishedName with value taken from AD

 



 

To be like this

 



 

 

What bothers me is that I don’t see any LDAP related details coming from AD
server while debugging radius and authenticating as it.tech user.

Could it be the source of the problem ?

 

Eugene

From: Durand fabrice [mailto:fdur...@inverse.ca] 
Sent: Friday, January 19, 2018 6:05 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Number of devices to connect to the network

 

In your AD authentication source, create a rule that match a staff group and
assign the staff role and an access duration. (memberof equal
cn=staff,dc=...)

Regards

Fabrice

 

 

 

Le 2018-01-17 à 01:07, E.P. a écrit :

Great!

That confirms my train of thought. But it is still not clear to me how will
it affect the user that authenticates against AD.

Yes, I have created a new role, called “staff” and yes, I have set a limit
of 2 devices for this role. 

Then, the end-user just connects to SSID, authenticates and gets on the
network. How would I assign the user to the “staff” role?

Is this where provisioners come to help ?

 

Eugene

 

From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Tuesday, January 16, 2018 6:42 AM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Number of devices to connect to the network

 

Hello Eugene,

this is exactly where you have to control that.

So just set a limit on the roles where you want to limit the number of
devices per users.

Regards

Fabrice

 

 

Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit :

It sounds close to the number of devices/nodes a user can register which is
configurable under Configuration-Policies and access control-Roles, but we
don’t allow this luxury to anyone yet. Just regular network admission
control based on the active AD account

 

From: E.P. [mailto:ype...@gmail.com] 
Sent: Monday, January 15, 2018 10:54 PM
To: packetfence-users@lists.sourceforge.net
Subject: Number of devices to connect to the network

 

Guys,

We are still at the early phases of PF deployment and only now looking into
AD based authentication for wireless devices

Is there any way to limit the number of user devices that can be connected
by one user?

Let’s say the user uses his/her laptop and roams around remote sites where
we provide WiFi with WPA2-Enterprise and we also allow him/her use the phone
(iPhone/Android). No more devices to connect

 

Eugene








--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot







___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org) 

 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] RES: No translation on "Enabling network access" page

2018-01-22 Thread Rafael Rocha via PacketFence-users 
Virginie,
Try to use an editor of files .po and replace the mo file with the most and 
accurate file that has your desire translation text.
Make the corrections on the msgid of last two phrases. Erase the first “” and 
try again, if this change was not you, do the replacement and substitute the mo 
file too.

   msgid ""
"Your network access is currently being enabled. Once network connectivity 
is"
msgstr "Votre accès réseau est présentement en activation. Une fois la 
connectivité réseau établie, vous serez automatiquement redirigé."

should be:

msgid "Your network access is currently being enabled. Once network 
connectivity is"
msgstr "Votre accès réseau est présentement en activation. Une fois la 
connectivité réseau établie, vous serez automatiquement redirigé."



I did my corrections using this one.
https://localise.biz/free/poeditor

Regards,
Rafael.


De: Virginie Girou via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Enviada em: segunda-feira, 22 de janeiro de 2018 06:13
Para: packetfence-users@lists.sourceforge.net
Cc: Virginie Girou 
Assunto: Re: [PacketFence-users] No translation on "Enabling network access" 
page

Hello Fabrice,

Yes, packetfence.po includes the three messages below, none of them appears in 
french during the "access" page while "authentication" page is in french :

# html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module.pm
msgid "release: enabling network"
msgstr "Activation de l'acces réseau"

 # html/captive-portal/templates/release.html
msgid ""
"Your network access is currently being enabled. Once network connectivity 
is"
" established you will be automatically redirected."
msgstr "Votre accès réseau est présentement en activation.  Une fois la 
connectivité réseau établie, vous serez automatiquement redirigé."

# ...
msgid ""
"If you have any questions regarding the registration process please 
contact "
"your local support staff."
msgstr "Si vous avez la moindre question concernant le processus 
d’enregistrement veuillez contacter le support."

I join a screenshot (i translate directly in Root.pm the only french line that 
appears).

Hope you'll have an idea ...

Regards,



Virginie Girou

Equipe systeme

DSI - UT1 Capitole

Tel : +33 (0)5.61.63.39.19
Le 20/01/2018 02:48, Durand fabrice via PacketFence-users a écrit :
Hello Virginie,

in conf/locale/fr/LC_MESSAGES/packetfence.po can you check if you have :

# html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module.pm
msgid "release: enabling network"
msgstr "Activation de l'acces réseau"

Regards

Fabrice



Le 2018-01-16 à 10:19, Virginie Girou via PacketFence-users a écrit :

Hello,

We use a packetfence as captive portal in our university (v 7.0) using french 
language but first installed in v 6.4 and then updated.

I've installed another one directly in 7.3 for test before production, but the 
entire "Enabling network access" page stays in english even if i choose french 
language in the portal configuration (or another language).
All others are correctly in french.

I don't even find the file where i could translate title and messages.

Could you help me please, i am stuck ...

Regards,


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

!DSPAM:67760,5a62a01634971071191456!


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] RES: Sponsor emails not enconding

2018-01-22 Thread Rafael Rocha via PacketFence-users 
Luis, try rewriting the email_activation template using the html special 
encoding systems for the special letters.
http://www.lsi.usp.br/~help/html/iso.html

Regards,
Rafael.


De: Luís Torres via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Enviada em: domingo, 21 de janeiro de 2018 12:48
Para: packetfence-users@lists.sourceforge.net
Cc: Luís Torres 
Assunto: Re: [PacketFence-users] Sponsor emails not enconding


Hello Fabrice,



not related to the browser cause everything in the browser works just fine as 
usually. Its only the emails that is sent to the sponsor and to the guest that 
are not encoded.



Any ideas that what could be?



Regards

LT



Em 2018-01-20 20:36, Durand fabrice via PacketFence-users escreveu:

Hello Luís,

i am not an expert of the localization but did you tried to change the charset 
of your browser to see if there is a difference ?

Regards

Fabrice



Le 2018-01-20 à 04:13, Luís Torres via PacketFence-users a écrit :

Hello Fabrice,



still the same:

"

Ol�,

tess tess Solicitando acesso de convidado a rede.

Acesso n�o autorizado caso n�o seja convidado.

Aqui est�o as informa��es fornecidas pelo convidado no formul�rio de 
inscri��o.:"



LT



Em 2018-01-20 02:29, Durand fabrice via PacketFence-users escreveu:

Hello Luís,

edit the po file (conf/locales/...) and once done in  /usr/local/pf do a make 
translation.

Regards

Fabrice



Le 2018-01-19 à 10:37, Luís Torres via PacketFence-users a écrit :

Hello,



" a informa�ao"

This is how emails to sponsor aproving is showing . Seems is not encoding in 
the properly charset



How I cant change this on the "emails-guest_sponsor_activation.html"



Many thanks






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot



___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot



___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Problem with captive portal and ruckus zonedirector

2018-01-22 Thread Fabricio Lorenzon via PacketFence-users 
Hello, I need help for the problem described below:

I am using packetfence in inline mode to authenticate users of the wifi
network through the captive portal integrated with Facebook and Google in
Oauth2 mode.
The packetfence server has a network interface with internet access and one
configured in inline mode for user access.
The access point (Ruckus) has a wlan in hotspot mode as described in the
"Network Devices Configuration Guide".
The moment the user connects in the WIFI network is directed is directed to
the inline interface of packetfence, accesses the captive portal and can
successfully authenticate using a google or facebook account. The problem
is that ruckus can not authorize this user's access and the WIFI network
remains with the message "No internet access" and the device remains
"unauthorized" in the ruckus zonedirector web interface.

Thank's

Fabrício
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Vlan Pooling Question

2018-01-22 Thread Truax, Peter via PacketFence-users 
Max ,

We have a custom-built NAC based off of a network monitoring software called 
Auconet BICS and a vanilla install of FreeRadius. It’s not officially 
supported, costs us a few thousand a year, is difficult to configure. Also, we 
just learned that the person who wrote it for us has left the company. So, time 
to explore other options. After playing with and learning PacketFence for about 
6 months, I believe this is just the software we need.

Regards,

Peter

From: Max McGrath via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Friday, January 19, 2018 6:23 PM
To: ML PF 
Cc: Max McGrath 
Subject: Re: [PacketFence-users] Vlan Pooling Question

Peter -

What NAC system are you replacing with PacketFence and why? Just curious...

We've been happy PacketFence users for the last 5 years.

On Jan 16, 2018 1:45 PM, "Truax, Peter via PacketFence-users" 
>
 wrote:
Hello everyone,

We are implementing PacketFence using Out-of-Band enforcement using MAC 
Authentication.

We have a situation where we would like to use 2 vlans for the same role. The 
vlans would be automatically assigned via some mechanism. For example, we have 
more Students than one vlan can use effectively by best practice. So, we use 
vlan 600 and 601 to be “Students.” These are now assigned by our NAC solution 
via round-robin that we are replacing with PacketFence.

According to the Administration Guide at 
https://packetfence.org/doc/PacketFence_Administration_Guide.html section 10.1, 
vlan pooling is supported. This sounds like what we want to do.

Can someone clarify the instructions a bit?  Do we configure the vlan pool in 
the Role by VLAN ID section of the Switch? And how do you specify which of the 
2 algorithms (hash of username, or round-robin)?

We have attempted this by inputing 600,601 into the Roles by VLAN ID, but 
looking at the debug output, PacketFence sends “600,601” as the vlan assigned 
to the switch. Obviously this fails.

Regards,

Peter Truax
Network Administrator
(360) 688-2240
St. Martin’s University
5000 Abbey Way E
Lacey, WA 98503

[cid:image001.png@01D39358.A2496340]


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Re: How to bypass authentication when pfservice down ?

2018-01-22 Thread Max McGrath via PacketFence-users 
Fabrice -

How can I check what my current monit configuration looks like (i.e., who
it is currently set to send to and which configurations have been chosen)?

Thanks!

Max

--
Max McGrath  
Infrastructure and Security Manager
Carthage College
262-551-
mmcgr...@carthage.edu

On Fri, Jan 19, 2018 at 9:23 PM, Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> You can just run monit_build_configuration.pl without any argument and
> you will see how to use it (really easy).
>
>
>
> Le 2018-01-19 à 21:50, Yan a écrit :
>
> Hi Fabrice,
>
> Thank you very much for your reply. I know about switch fall back and have
> also tested is and it works good. What I'm concern is wireless. It seems
> neither Aruba AC nor Ruckus AC has fall back mode. So I think I should use
> the monitor script as you suggested. But I'm not sure exactly how to use
> it... Is there any guide about the scripts in addons ? I found it seems to
> be very useful.
>
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: No client IP update in cluster

2018-01-22 Thread luca comes via PacketFence-users 
Hi Fabrice,
I'm using a cluster of ISC DHCPD on CentOS 7 so think I can't use your dhcp 
forwarder. I understand is it only for windows isn't it? Anyway I did a test, 
when the client change role it send a dhcp request to the server:

[root@dhcp01 ~]# tail -f /var/log/dhcp/dhcpd.log | grep 00:9c:02:92:ea:b0
Jan 22 12:23:54 dhcp01 dhcpd: DHCPACK to 172.20.251.192 (00:9c:02:92:ea:b0) via 
ens160
Jan 22 12:24:00 dhcp01 dhcpd: DHCPREQUEST for 172.20.251.192 from 
00:9c:02:92:ea:b0 (LAB3-NB) via 192.168.167.1: wrong network.
Jan 22 12:24:00 dhcp01 dhcpd: DHCPNAK on 172.20.251.192 to 00:9c:02:92:ea:b0 
via 192.168.167.1
Jan 22 12:24:00 dhcp01 dhcpd: DHCPDISCOVER from 00:9c:02:92:ea:b0 via 
192.168.167.1
Jan 22 12:24:01 dhcp01 dhcpd: DHCPOFFER on 192.168.167.190 to 00:9c:02:92:ea:b0 
(LAB3-NB) via 192.168.167.1
Jan 22 12:24:01 dhcp01 dhcpd: DHCPREQUEST for 192.168.167.190 (172.27.112.17) 
from 00:9c:02:92:ea:b0 (LAB3-NB) via 192.168.167.1
Jan 22 12:24:01 dhcp01 dhcpd: DHCPACK on 192.168.167.190 to 00:9c:02:92:ea:b0 
(LAB3-NB) via 192.168.167.1

Instead I can't see any packet on the pfdhcplistener for that MAC Address. The 
strange thing is that it is receiving traffic from the DHCP on port 767. At the 
moment I put an helper address on the switch so a copy of the traffic is sent 
directly to the pfdhcplistener and the client IP is updated. It's always showed 
as offline but I don't understand why.

Luca


Inviato da Outlook


Da: Durand fabrice via PacketFence-users 

Inviato: sabato 20 gennaio 2018 03:21
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] No client IP update in cluster


Hello Lucas,


first use that instead:

https://github.com/inverse-inc/packetfence-dhcp-forwarder


And there is no listening process on UDP 767 but pfdhcplistener capture the 
traffic on 67/68 and 767.

If you tail pfdhcplistener on the server where the vip is , do you see some 
updates from te hproduction dhcp server ?

Also do a capture on the management interface to see if you receive something 
on the port 767. (tshark -i eth0 -f "port 767")


Regards

Fabrice


Le 2018-01-18 à 09:43, luca comes via PacketFence-users a écrit :
Hi all,
I've migrated my single node infrastructure to a 3 node cluster. At the moment 
I'm testing 802.1x with a Cisco catalyst 2950 and the authentication is working 
fine. I also have in production a wireless guest access with sponsor on Cisco 
WLC taht is working really well. Unfortunately I noticed that the client IP 
address is never updated on the nodes page. I have a production DHCP server on 
the same management VLAN with udp_reflector pointing to the new VIP on the 
cluster. With single node the problem wasn't showed and the IP was correctly 
updated after a few seconds. The command I'm using on the DHCP server is:

/usr/local/bin/udp_reflector -s pcap2:67 -d 172.27.17.7:767 -b 25000 &

Where 172.27.17.7 is the VIP exposed by the cluster.

I would expect UDP port 767 on PF nodes in listening but they are not. Is 
something missing in my configuration?

Thanks

Luca


Inviato da Outlook



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2018-01-22 Thread Frederic Hermann via PacketFence-users 

Hi Timothy, All

Thanks for sharing this. We've been able to activate mac-address auth on 
dynamic VLAN (from radius server) using your example below.
For the record, it's also possible to activate radius accounting using the same 
method : 

In the config.properties of your controler for the relevant site, you can the 
following lines, if you have 2 SSID on your site: 

/var/lib/unifi/sites//config.properties
config.system_cfg.1=aaa.1.auth_cache=disabled
config.system_cfg.2=aaa.2.auth_cache=disabled
config.system_cfg.3=aaa.1.dynamic_vlan=1
config.system_cfg.4=aaa.2.dynamic_vlan=1
config.system_cfg.5=aaa.1.radius.acct.1.ip=
config.system_cfg.6=aaa.1.radius.acct.1.port=
config.system_cfg.7=aaa.1.radius.acct.1.secret=
config.system_cfg.8=aaa.2.radius.acct.1.ip=
config.system_cfg.9=aaa.2.radius.acct.1.port=
config.system_cfg.10=aaa.2.radius.acct.1.secret= 

After re-provisioning the AP in the controler, your AP should start sending 
connection stat to your radius server. 

Hope this helps, 

Regards 



- Mail original -
> De: "Timothy Mullican via PacketFence-users" 
> 
> À: packetfence-users@lists.sourceforge.net
> Cc: "Timothy Mullican" 
> Envoyé: Dimanche 17 Décembre 2017 04:54:41
> Objet: Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

> All,

> I was able to solve my issue with the mac address authentication dynamic vlan
> assignment not working. You will have to download the latest beta firmware --
> 3.9.15.8011 -- from Ubiquiti (see
> https://community.ubnt.com/t5/UniFi-Beta-Blog/UniFi-5-7-10-Testing-has-been-released/ba-p/2169697)
> and apply it to your APs. From the UniFi 5.7.10 Changelog (see
> https://community.ubnt.com/t5/UniFi-Beta-Blog/UniFi-5-7-10-Testing-has-been-released/ba-p/2169697?attachment-id=87025):

> Firmware changes since 3.9.14:
> [UAPG3] Add RADIUS VLAN support to MAC authentication bypass.

> Firmware changes since 3.9.10/4.4.12:
> [UAPG2] Add RADIUS VLAN support to MAC authentication bypass.

> I had to make the following changes in order for dynamic vlan assignment with
> mac address authentication to work. On one of your UniFi APs, run the
> following:

> # cat /tmp/system.cfg | grep ssid

> Note which IDs are tied to your SSIDs using mac address authentication.

> On your controller, create a file called "config.properties" in your active
> site. For Linux the default install location is likely
> "/usr/lib/unifi/data/sites/X/config.properties". For Linux the default
> install location is likely "C:\Users\\Ubiquiti
> Unifi\data\sites\X\config.properties". Replace "X" with your
> active site, likely "default". For Windows, replace "" with the
> account that installed the UniFi Controller software.

> In the config.properties file, enter the following:
> config.system_cfg.1=aaa.X.dynamic_vlan=1
> config.system_cfg.2=aaa.X.dynamic_vlan=1

> Replace "X" with the IDs you noted above. If you have any questions about the
> config.properties file, see
> https://help.ubnt.com/hc/en-us/articles/205223330-UniFi-How-to-make-persistent-changes-to-UAP-s-system-cfg.

> For example, my SSID ID's using mac address authentication were 2 and 5, so I
> would add the following:
> config.system_cfg.1=aaa.2.dynamic_vlan=1
> config.system_cfg.2=aaa.5.dynamic_vlan=1

> Once you are done adding, you need to manually re-provision the applicable 
> APs.
> Do the following:
> From the controller web ui, click on the applicable AP, select config->Manage
> Device, and click Provision. Once this is complete, dynamic VLAN assignment
> with mac authentication should work correctly.

> I didn't see an option in the GUI to enable this, but it's possible I missed 
> it.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] users stay in registration VLAN after authentication success

2018-01-22 Thread Fabrice Durand via PacketFence-users 
Hello Tom,

there : https://pf_mgmt:1443/admin/configuration#configuration/main/advanced

Regards
Fabrice

Le 2018-01-20 à 19:03, tom lo a écrit :
> Hi Durand,
>
> What change should I make on PF to "disable update locationlog on accounting"?
>
>
> Regards,
> Tom
>
> On Sun, Jan 21, 2018 at 4:31 AM, Durand fabrice  wrote:
>> Hello Tom,
>>
>>
>> Le 2018-01-20 à 03:02, tom lo a écrit :
>>> Hi Durand,
>>>
>>>
>>> Thanks for your reply and please see if my understanding is correct
>>> about the locationlog.
>>> If the locationlog is correct, from mysql, I should see one entry when
>>> a device reach captive portal, and another entry immediately after the
>>> authentication complete, with matching start / end time?
>>> If the locationlog is wrong, the new entry may be missing even the
>>> authentication is completed?
>> In fact when PacketFence receive a radius request , it will update the
>> location log, so just after the registration on the captive portal
>> Packetfence need to know where the device is to send a disconnection.
>> And if the disconnection succeed you will see a new entry in the
>> locationlog.
>>>
>>> I checked a log from an issue reported few hours ago. User
>>> "12:34:56:33:22:11" completed the authentication at 11:11am, but there
>>> is no entry about the updated role (staff) for this device until the
>>> user retry the connection at 13:06.  Is this a kind of wrong
>>> locationlog?
>> Yes probably if you see no locationlog entry was found in the log.
>> But it can also be a issue with a cache on the controller,if there is no new
>> radius request each time the device connect on the ssid per example.
>>>
>>> I also found another mysql output for a device which had a smooth VLAN
>>> re-direction in its 1st try. mysql output shows one entry when a
>>> device reach captive portal, and another entry after the
>>> authentication complete with matching start / end time.
>>>
>>> Also, for your information, we are using Ruckus ZoneDirector and the
>>> SSID setting is mac-auth.
>>>
>>> I'll check with users in real-time to see about the queue and mysql
>>> output, and let you know the result.
>>>
>>>
>>> The following is the related log / mysql output for the issue reported.
>> Before "Jan 20 11:11:59" do you see "INFO: [mac:12:34:56:33:22:11] handling
>> radius autz request" ? if no then the device is on the registration network
>> but PacketFence never receive the radius request !
>>>
>>> Jan 20 11:11:59 httpd.portal(6296) INFO: [mac:12:34:56:33:22:11]
>>> re-evaluating access (manage_register called)
>>> (pf::enforcement::reevaluate_access)
>>> Jan 20 11:11:59 httpd.portal(6296) WARN: [mac:12:34:56:33:22:11] Can't
>>> re-evaluate access because no open locationlog entry was found
>>> (pf::enforcement::reevaluate_access)
>>> Jan 20 11:15:29 httpd.aaa(2033) INFO: [mac:12:34:56:33:22:11] Updating
>>> locationlog from accounting request
>>> (pf::api::handle_accounting_metadata)
>>> Jan 20 13:06:53 httpd.aaa(2033) INFO: [mac:12:34:56:33:22:11] handling
>>> radius autz request...
>>>
>>> select * from locationlog where mac="12:34:56:33:22:11";
>>>
>>> +---+-+--+--+--+---+-+---+--+-+-+-+---++---++
>>> | mac   | switch  | port | vlan | role
>>> |connection_type   | connection_sub_type | dot1x_username| ssid
>>> | start_time  | end_time| switch_ip   |switch_mac
>>> | stripped_user_name | realm | session_id |
>>>
>>> +---+-+--+--+--+---+-+---+--+-+-+-+---++---++
>>> | 12:34:56:33:22:11 | 172.18.4.61 | 0| 50   | staff
>>> |Wireless-802.11-NoEAP | NULL| 12:34:56:33:22:11 |SSID_A
>>> | 2018-01-20 13:06:53 | -00-00 00:00:00 | 172.18.4.61| 11:22:33:44:55:0d
>>> | 12:34:56:33:22:11  | null  | NULL   |
>>> | 12:34:56:33:22:11 | 172.18.4.61 | 0| 501  | registration
>>> |Wireless-802.11-NoEAP | NULL| 12:34:56:33:22:11 |SSID_A
>>> | 2018-01-20 11:10:51 | 2018-01-20 11:11:12 | 172.18.4.61| 11:22:33:44:55:09
>>> | 12:34:56:33:22:11  | null  | NULL   |
>>> | 12:34:56:33:22:11 | 172.18.4.61 | 0| 501  | registration
>>> |Wireless-802.11-NoEAP | NULL| 12:34:56:33:22:11 |SSID_A
>>> | 2018-01-20 11:11:12 | 2018-01-20 11:11:38 | 172.18.4.61| 11:22:33:44:55:0d
>>> | 12:34:56:33:22:11  | null  | NULL   |
>>>
>>>

Re: [PacketFence-users] users stay in registration VLAN after authentication success

2018-01-22 Thread tom lo via PacketFence-users 
Hi Durand,

What change should I make on PF to "disable update locationlog on accounting"?


Regards,
Tom

On Sun, Jan 21, 2018 at 4:31 AM, Durand fabrice  wrote:
> Hello Tom,
>
>
> Le 2018-01-20 à 03:02, tom lo a écrit :
>>
>> Hi Durand,
>>
>>
>> Thanks for your reply and please see if my understanding is correct
>> about the locationlog.
>> If the locationlog is correct, from mysql, I should see one entry when
>> a device reach captive portal, and another entry immediately after the
>> authentication complete, with matching start / end time?
>> If the locationlog is wrong, the new entry may be missing even the
>> authentication is completed?
>
> In fact when PacketFence receive a radius request , it will update the
> location log, so just after the registration on the captive portal
> Packetfence need to know where the device is to send a disconnection.
> And if the disconnection succeed you will see a new entry in the
> locationlog.
>>
>>
>> I checked a log from an issue reported few hours ago. User
>> "12:34:56:33:22:11" completed the authentication at 11:11am, but there
>> is no entry about the updated role (staff) for this device until the
>> user retry the connection at 13:06.  Is this a kind of wrong
>> locationlog?
>
> Yes probably if you see no locationlog entry was found in the log.
> But it can also be a issue with a cache on the controller,if there is no new
> radius request each time the device connect on the ssid per example.
>>
>>
>> I also found another mysql output for a device which had a smooth VLAN
>> re-direction in its 1st try. mysql output shows one entry when a
>> device reach captive portal, and another entry after the
>> authentication complete with matching start / end time.
>>
>> Also, for your information, we are using Ruckus ZoneDirector and the
>> SSID setting is mac-auth.
>>
>> I'll check with users in real-time to see about the queue and mysql
>> output, and let you know the result.
>>
>>
>> The following is the related log / mysql output for the issue reported.
>
> Before "Jan 20 11:11:59" do you see "INFO: [mac:12:34:56:33:22:11] handling
> radius autz request" ? if no then the device is on the registration network
> but PacketFence never receive the radius request !
>>
>>
>> Jan 20 11:11:59 httpd.portal(6296) INFO: [mac:12:34:56:33:22:11]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 20 11:11:59 httpd.portal(6296) WARN: [mac:12:34:56:33:22:11] Can't
>> re-evaluate access because no open locationlog entry was found
>> (pf::enforcement::reevaluate_access)
>> Jan 20 11:15:29 httpd.aaa(2033) INFO: [mac:12:34:56:33:22:11] Updating
>> locationlog from accounting request
>> (pf::api::handle_accounting_metadata)
>> Jan 20 13:06:53 httpd.aaa(2033) INFO: [mac:12:34:56:33:22:11] handling
>> radius autz request...
>>
>> select * from locationlog where mac="12:34:56:33:22:11";
>>
>> +---+-+--+--+--+---+-+---+--+-+-+-+---++---++
>> | mac   | switch  | port | vlan | role
>> |connection_type   | connection_sub_type | dot1x_username| ssid
>> | start_time  | end_time| switch_ip   |switch_mac
>> | stripped_user_name | realm | session_id |
>>
>> +---+-+--+--+--+---+-+---+--+-+-+-+---++---++
>> | 12:34:56:33:22:11 | 172.18.4.61 | 0| 50   | staff
>> |Wireless-802.11-NoEAP | NULL| 12:34:56:33:22:11 |SSID_A
>> | 2018-01-20 13:06:53 | -00-00 00:00:00 | 172.18.4.61| 11:22:33:44:55:0d
>> | 12:34:56:33:22:11  | null  | NULL   |
>> | 12:34:56:33:22:11 | 172.18.4.61 | 0| 501  | registration
>> |Wireless-802.11-NoEAP | NULL| 12:34:56:33:22:11 |SSID_A
>> | 2018-01-20 11:10:51 | 2018-01-20 11:11:12 | 172.18.4.61| 11:22:33:44:55:09
>> | 12:34:56:33:22:11  | null  | NULL   |
>> | 12:34:56:33:22:11 | 172.18.4.61 | 0| 501  | registration
>> |Wireless-802.11-NoEAP | NULL| 12:34:56:33:22:11 |SSID_A
>> | 2018-01-20 11:11:12 | 2018-01-20 11:11:38 | 172.18.4.61| 11:22:33:44:55:0d
>> | 12:34:56:33:22:11  | null  | NULL   |
>>
>> +---+-+--+--+--+---+-+---+--+-+-+-+---++---++
>
> Really strange , it look that something closed the locationlog just before
> you register on the portal.
> Can you disable update locationlog on accounting and retry ?
> Regards
> Fabrice
>
>
>>
>>

Re: [PacketFence-users] No translation on "Enabling network access" page

2018-01-22 Thread Virginie Girou via PacketFence-users 

Hello Fabrice,

Yes, packetfence.po includes the three messages below, none of them 
appears in french during the "access" page while "authentication" page 
is in french :


/# 
html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module.pm /

/msgid "release: enabling network"//
//msgstr "Activation de l'acces réseau"/

/# html/captive-portal/templates/release.html//
//msgid ""//
//"Your network access is currently being enabled. Once network 
connectivity is"//

//" established you will be automatically redirected."//
//msgstr "Votre accès réseau est présentement en activation.  Une 
fois la connectivité réseau établie, vous serez automatiquement 
redirigé."/


# ...
/msgid ""//
//"If you have any questions regarding the registration process 
please contact "//

//"your local support staff."//
//msgstr "Si vous avez la moindre question concernant le processus 
d’enregistrement veuillez contacter le support."


/I join a screenshot (i translate directly in Root.pm the only french 
line that appears).


Hope you'll have an idea ...

Regards,

Virginie Girou
Equipe systeme
DSI - UT1 Capitole
Tel : +33 (0)5.61.63.39.19

Le 20/01/2018 02:48, Durand fabrice via PacketFence-users a écrit :

Hello Virginie,

in conf/locale/fr/LC_MESSAGES/packetfence.po can you check if you have :

# 
html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module.pm

msgid "release: enabling network"
msgstr "Activation de l'acces réseau"

Regards

Fabrice



Le 2018-01-16 à 10:19, Virginie Girou via PacketFence-users a écrit :

Hello,

We use a packetfence as captive portal in our university (v 7.0) 
using french language but first installed in v 6.4 and then updated.


I've installed another one directly in 7.3 for test before 
production, but the entire "Enabling network access" page stays in 
english even if i choose french language in the portal configuration 
(or another language).

All others are correctly in french.

I don't even find the file where i could translate title and messages.

Could you help me please, i am stuck ...

Regards,




-- 


Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

!DSPAM:67760,5a62a01634971071191456!




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Issue configuring management interface

2018-01-22 Thread Woody's Delve via PacketFence-users 
Hi,

I am facing issue to define management interface for VLAN enforcement but not 
able to do it checked error logs but unable to identify the issue. 

I have configured it on one of my VM with cent OS package.
Please help!

Thanks
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sponsor emails not enconding

2018-01-22 Thread Luís Torres via PacketFence-users 
 

Hello Fabrice, 

not related to the browser cause everything in the
browser works just fine as usually. Its only the emails that is sent to
the sponsor and to the guest that are not encoded. 

Any ideas that what
could be? 

Regards 

LT 

Em 2018-01-20 20:36, Durand fabrice via
PacketFence-users escreveu: 

> Hello Luís, 
> 
> i am not an expert of
the localization but did you tried to change the charset of your browser
to see if there is a difference ? 
> 
> Regards 
> 
> Fabrice 
> 
> Le
2018-01-20 à 04:13, Luís Torres via PacketFence-users a écrit : 
> 
>>
Hello Fabrice, 
>> 
>> still the same: 
>> 
>> " 
>> 
>> Ol�, 
>> 
>>
tess tess Solicitando acesso de convidado a rede. 
>> 
>> Acesso n�o
autorizado caso n�o seja convidado. 
>> 
>> Aqui est�o as informa��es
fornecidas pelo convidado no formul�rio de inscri��o.:" 
>> 
>> LT 
>>

>> Em 2018-01-20 02:29, Durand fabrice via PacketFence-users escreveu:

>> 
>>> Hello Luís, 
>>> 
>>> edit the po file (conf/locales/...) and
once done in /usr/local/pf do a make translation. 
>>> 
>>> Regards 
>>>

>>> Fabrice 
>>> 
>>> Le 2018-01-19 à 10:37, Luís Torres via
PacketFence-users a écrit : 
>>> 
 Hello, 
 
 " a
informa�ao" 
 
 This is how emails to sponsor aproving is
showing . Seems is not encoding in the properly charset 
 
 How
I cant change this on the "emails-guest_sponsor_activation.html" 


 Many thanks 
 

--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]


 ___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>>

>>>
--
>>>
Check out the vibrant tech community on one of the world's most
>>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>>> 
>>>
___
>>> PacketFence-users
mailing list
>>> PacketFence-users@lists.sourceforge.net
>>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
>>

>>
--
>>
Check out the vibrant tech community on one of the world's most
>>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
>> 
>>
___
>> PacketFence-users
mailing list
>> PacketFence-users@lists.sourceforge.net
>>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]
> 
>
--
>
Check out the vibrant tech community on one of the world's most
>
engaging tech sites, Slashdot.org! http://sdm.link/slashdot [1]
> 
>
___
> PacketFence-users
mailing list
> PacketFence-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/packetfence-users [2]




Links:
--
[1] http://sdm.link/slashdot
[2]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] R: R: Can't synchronize new cluster databases

2018-01-22 Thread luca comes via PacketFence-users 
Hi Jason,
it depends on the error you can see inside your guest2 error file. Anyway in my 
case I had a misconfiguration when I first start the master node the other 
memebers had packetfence and mariadb started. So I restored a mysql dump from 
the old standalone server and rebuilt the mysql configuration (mainly the users 
part). Also I checked that on the other memebers all services were shutted 
down. After the master synced correctly to the group (you can see that in the 
.err file) with --force-new-cluster option activated I started the two other 
nodes paying attention on what Fabrice said before (/var/lib/mysql/ emptied) 
and all things went well.

Luca



Da: Durand fabrice via PacketFence-users 

Inviato: sabato 20 gennaio 2018 03:24
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] R: Can't synchronize new cluster databases


What i can also recommend is to remove the content of /var/lib/mysql on the 
other server (not the master one of course) and restart packetfence-mariadb


Regards

Fabrice


Le 2018-01-19 à 04:38, luca comes via PacketFence-users a écrit :
Hi Jason,
I had the same problem last week. First check on your master server if it is 
joined and synced with the cluster you can do that reading the file .err in 
/var/lib/mysql/ and in the database with the query show status like 'wsrep%' as 
stated in the clustering guide.

Luca




Da: Trinklein, Jason R via PacketFence-users 

Inviato: giovedì 18 gennaio 2018 20:19
A: Rafael Rocha via PacketFence-users
Cc: Trinklein, Jason R
Oggetto: [PacketFence-users] Can't synchronize new cluster databases


I’m setting up a new cluster with three total members.



Server1 is running with /usr/local/pf/sbin/pf-mariadb --force-new-cluster

Server2 runs systemctl restart packetfence-mariadb

But fails with:

Job for packetfence-mariadb.service failed because a timeout was exceeded. See 
"systemctl status packetfence-mariadb.service" and "journalctl -xe" for details.

And journalctl shows:

https://pastebin.com/pWn6Nr1D



The systems can ping each other and tcpdump shows mysql packets being sent and 
received by both hosts. There is no firewall between them and they are on the 
same network.



Any ideas?

Thanks,

--

Jason Trinklein

Wireless Engineering Manager

College of Charleston

81 St. Philip Street | Office 311D | Charleston, SC 29403

trinkle...@cofc.edu | (843) 300–8009



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users