Hi there
Just wondering how I can block guests, users from using RDP or accessing
certain servers from our network while using the Open/Public wireless?
In the past this was done on the Aruba Controller side. Been looking at the
roles and rules and cant seem to figure this out.
Thanks!
Blake
Hi.. I asume you're running your portal on https? release 10.2 had
introduced dhcp-based portal discovery (RFC 7720bis support) and apple
devices, most of which should be running a 2020 or newer os, should support
it. if you can capture traffic on the portal interface on your cluster, you
should
you might want to check /usr/local/pg/logs for the file httpd.portal.access
and look for the string rfc7710 in there...
(and sorry, its RFC 7710bis, not 7720bis)
*Diego Garcia del Rio* | CTO | Mediatel S.A. | Tel: +54 11 5218 0463 (x103)
| Cel: +54 9 11 4530-4697 | www.mediatel.com.ar | Juan
i use pf to auth cli .
and everything is ok.but no matter i enter any password 。it accept this
authorization
---
Request Time
0
RADIUS Request
User-Name = "testuser11"
User-Password = "**"
NAS-IP-Address = 10.95.17.6
NAS-Port = 16878920
Service-Type = Login-User
Hello Blake,
You have to put the ACL that block RDP traffic in the Role on the Aruba
controller.
Thanks,
Ludovic Zammit
Product Support Engineer Principal
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:
Thanks so much Just verifying. I'll set a time for a meeting within the next
day or so.
Thanks
-Original Message-
From: Zammit, Ludovic
Sent: Thursday, July 8, 2021 6:35 AM
To: packetfence-users@lists.sourceforge.net
Cc: Blake Crossley
Subject: Re: [PacketFence-users] Packetfence
> you might want to check /usr/local/pg/logs for the file httpd.portal.access
> and look for the string rfc7710 in there?
First, thank you for the effort but I didn't see anything in the logs about
rfc7710. But, I have not enabled debugging in the logs yet so there is still
hope.
Quick
I apologize if I did not phrase that correctly.
We ARE using PF for isolation and registration, what we are not using is the
DHCP functionality that PF offers.
We are using our own DHCP servers to provide IPs to clients for registration
and isolation, as well as the standard production
Hello Jake,
as Diego said it can be a lack of the dhcp option for the RFC7710 in your
dhcp server (i coded the dhcp server with all my love and you still don't
want to use it).
It can also be a certificate issue, if the certificate expiration date is
more than x months then apple devices don like
Hello,
it has been fixed but it introduced a new regression.
Can you try that:
https://github.com/inverse-inc/packetfence/commit/2b622a55fda11390d2d7c7cc6752f0dd3d4af2e6
Regards
Fabrice
Le jeu. 8 juil. 2021 à 14:06, mi saki via PacketFence-users <
packetfence-users@lists.sourceforge.net> a
Hello Thapeli,
i can see that you have multiples issues in your config.
First the switch config doesn't looks to be correct.
If the packetfence server is plugged on the port Fa/01 only the vlan 1 is
allowed.
Next you don't have to enable 802.1x on this port.
interface FastEthernet0/1
Thanks .
it worked perfectly
发件人: Fabrice Durand
日期: 2021年7月9日 星期五 上午9:42
收件人:
抄送: mi saki
主题: Re: [PacketFence-users] cli access alwasy accept
Hello,
it has been fixed but it introduced a new regression.
Can you try that:
hi all,
after user get authenticated access duration assigned to it when times up
logs show mac should get deregister but no disconnect-ack auth status
generated like it should
logs :
Jul 6 14:35:43 pfnac packetfence: pfperl-api(154750) INFO: re-evaluating
access (manage_deregister called)
Hi jake,
Its ok.. thats what I had understood
im just surprised that registration / isolation works with an external dhcp
server. I guess thats what the dhcp listener process is there for (snooping
the dhcp client information). In general I always expected packetfence to
identify the client by
not using packetfence for isolation/registration is quite surprising. Is
that supported at all?
Im guessing it works for you.. but still quite surprising. (unless you're
using the built-in captive portal of your APs)
but if you're using an external dhcp server then the RFC7710 path seems
moot...
Hello there,
If your Radius audit log is empty it probably means that the radius
authentication did not work properly or you are still cached from a previous
authentication.
Can you provide the /usr/local/pf/logs/packetfence.log and the
/usr/local/pf/logs/radius.log of the server that does
Hi Ludovic,
Apologies for delayed response. Due to covid restrictions I am working from
home and my lab was still at the office. Today I went and got the equipment.
1. My radius audit log is empty. What does that mean?
2. Radius CoA. Is this on the switch configuration?
17 matches
Mail list logo