Re: [PacketFence-users] tweaking the create users page

2015-10-13 Thread Morris, Andi 
Thanks Derek,
That’s been a really big help and I’m nearly there. What is the format for the 
date field? I’ve tried the following, but I get errors:




The errors I get when creating a user are:
Error! Expiration field is required
Error! ‘expiration’ is not a valid value

The values for dates I’ve tried are:
“-mm-dd”
“/mm/dd”
“-mm-dd hh:mm”
“/mm/dd hh:mm”

Cheers,
Andi


From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca]
Sent: 08 October 2015 18:00
To: ML PF 
Subject: Re: [PacketFence-users] tweaking the create users page

I’ll keep looking for ways to give the users a default unreg date.

Here’s how I usually do it:




Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) 
:: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Oct 8, 2015, at 12:04 PM, Morris, Andi 
> wrote:

Aha, I found the Actions array in /lib/pf/Authentication/constants.pm and 
changed the order. That means that the Actions now shows ‘Set access duration’ 
by default on the create screen, perfect.

I’ll keep looking for ways to give the users a default unreg date.

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 08 October 2015 16:32
To: 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] tweaking the create users page

Thanks Derek,
I can see how that would work for a simple field such as Name, but I can’t work 
it out for the unregistration date.

  77   
   78 [% l('Registration 
Window') %]
   79 
   80   [% form.field('valid_from').render_element | none %] 
   81   [% form.field('expiration').render_element | none %]
   82 
   83   


I still need to swap access duration for the set role action too.


   85   

   86 [% l('Actions') %]

   87 

   88   

   89 

   90   [% FOREACH action IN form.field('actions').fields -%]

   91

Re: [PacketFence-users] Packetfence with Cisco Meraki

2015-10-13 Thread Antoine Amacher 

Hello Silas,

The documentation to configure the Meraki with PacketFence is available 
here(p94-95):


http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.4.0.pdf

The IP of the Meraki should be the IP of management you are using to 
connect the webinterface of the Meraki.


Thank you,

On 10/12/2015 04:02 PM, Silas Namenya wrote:


Hi,

We are new to packetfence and trying to setup packetfence with Meraki 
access points in webauth mode. Stuck at the point where to add switch 
on Packetfence config to add the new AP. How do I go about this setup, 
what is the IP of Meraki cloud controller and do I need more setting 
to get this working. Anybody tried Meraki with packetfence? See pic 
attached


What i want to understand is what IP address to use for the Meraki 
Cloud controller and if there are any config requirements for RADIUS, 
SNMP e.t.c to make this work with Meraki.


Any pointer to documentation on this will be most appreciated

Kind Regards,
Sanya Silas.


The contents of this electronic mail message and any attachments are 
confidential and may be legally privileged and protected from 
discovery or disclosure. This message is intended only for the 
personal and confidential use of the intended addressee. If you have 
received this message in error, you are not authorised to view, 
disseminate, distribute or copy this message or any part of it without 
our consent, and you are requested to return it to the sender 
immediately and delete all copies from your system.


The Copy Cat Ltd cannot guarantee that this message or any attachment 
is virus free, does not contain malicious code or is incompatible with 
your electronic system and does not accept liability in respect of 
viruses, malicious code or any related problems that you might 
experience.


Unless specifically stated, any views expressed may not necessarily be 
the Company but that of the sender.




--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  +1.514.447.4918 *130  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Send remote Suricata sensor alerts to PacketFence via syslog

2015-10-13 Thread Boley, Chris 
I'm looking for the correct information to send syslog based alert data from a 
remote Suricata sensor to Packet fence. 
I'm unsure of how to make PacketFence know that it will be getting alerts via 
syslog . 
I've tried to find the appropriate documentation regarding this, however it 
seems a bit hard to locate. 
Can anyone point me in the correct direction?

So far I think I would need to change suricata.yaml to reflect the following 
items (I'd be grateful for any advice there):

# a line based alerts log similar to fast.log into syslog
   - syslog:
  enabled: yes
   identity: "suricata"
   facility: local5
   level: Alert 

# Define your logging outputs.  If none are defined, or they are all
  # disabled you will get the default - console output.
  outputs:
  - console:
  enabled: no
  - file:
  enabled: yes
  filename: /var/log/suricata.log
  - syslog:
  enabled: yes
  facility: local5
  format: "[%i] <%d> -- "

I'm using vanilla syslogd on FreeBSD as my syslog on the sensor.
 I realize I will have to make some changes to its config to forward the alerts 
to the PacketFence server.
I'm not even sure if the syslog format that will be input from suricata to 
syslogd will be compatible. 
I might have to manipulate it with a template in the conf file.


I'm happy to do the reading. 
I've googled and googled and found not much of any meaningful info where this 
topic is concerned. 
I was hoping someone might know of some useful documentation on how to 
manipulate PacketFence and get it to start acting on Suricata alerts...


Chris Boley | Network Engineer | Cogentrix Energy Power Management, LLC 


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence with Cisco Meraki

2015-10-13 Thread Silas Namenya 
Hi,

We are new to packetfence and trying to setup packetfence with Meraki
access points in webauth mode. Stuck at the point where to add switch on
Packetfence config to add the new AP. How do I go about this setup, what is
the IP of Meraki cloud controller and do I need more setting to get this
working. Anybody tried Meraki with packetfence? See pic attached

What i want to understand is what IP address to use for the Meraki Cloud
controller and if there are any config requirements for RADIUS, SNMP e.t.c
to make this work with Meraki.

Any pointer to documentation on this will be most appreciated

Kind Regards,
Sanya Silas.

-- 


The contents of this electronic mail message and any attachments are 
confidential and may be legally privileged and protected from discovery or 
disclosure. This message is intended only for the personal and confidential 
use of the intended addressee. If you have received this message in error, 
you are not authorised to view, disseminate, distribute or copy this 
message or any part of it without our consent, and you are requested to 
return it to the sender immediately and delete all copies from your system.

The Copy Cat Ltd cannot guarantee that this message or any attachment is 
virus free, does not contain malicious code or is incompatible with your 
electronic system and does not accept liability in respect of viruses, 
malicious code or any related problems that you might experience. 

Unless specifically stated, any views expressed may not necessarily be the 
Company but that of the sender.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Out of band without VLAN/switch config - only firewall

2015-10-13 Thread Björn Frostberg 
Hi,

Been trying to read the documentation but don't quite get if it's possible
or "easy" to deploy Packetfence with firewall only integration. I basically
only want user to sign in to a portal and when OK, API call to firewall to
allow that user's IP. Using mainly Palo Alto FW.

No integration to AP nor switch.

Regards, Bjorn
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] pfdhcplistener

2015-10-13 Thread Derek Wuelfrath 
Hello Chinmay,

I’m looking at it and I’ll get back to you.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata  
> wrote:
> 
> Dear Derek,
> Any thought on my issue.
> 
> Regards,
> --Chinmay
> 
> 
> 
> From: "Chinmay Mahata" 
> Sent: Fri, 09 Oct 2015 18:13:36 
> To: "packetfence-users@lists.sourceforge.net" 
> 
> Subject: Re: [PacketFence-users] pfdhcplistener
> Dear Derek,
>  Thanks for your quick response.   I think I could not describe my 
> problem/query properly.
> 
> DHCPD is running on only one interface (eth0) of my PF server, no issue with 
> that.
> 
> Actually at the WAN side (upstream) of my PF server there is another DHCP 
> server is running (though PF server WAN has static IP). Since pfdhcplistener 
> is running at eth1(WAN) also, in the node (web)page I can see many 
> unregistered nodes of WAN network which I don't want.
> 
> I want to see only those nodes in the webpage which are under PF server 
> and who are getting IP addresses from DHCP server running in PF server (on 
> eth0). Hope pfdhcplistener on eth0 only can catch those. 
> 
> So I want to run only one instance of pfdhcplistener on interface eth0 
> (pfdhcplistener_eth0). Please let me know how can I do that.
> 
> Thanks again Derek.
> 
> Regards,
> --Chinmay
> 
> 
> 
> 
> 
> From: Derek Wuelfrath 
> Sent: Thu, 08 Oct 2015 22:11:09 
> To: ML PF 
> Subject: Re: [PacketFence-users] pfdhcplistener
> Chinmay,
> 
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>> pfdhcplistener_eth1.
>> 
>> 
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it 
>> be possible (or it may cause other problem)? Which config item do I need to 
>> modify for that?
> 
> ‘pfdhcplistener’, as its name says, listen for dhcp packets.
> PacketFence starts a ‘pfdhcplistener’ daemon on each of the required network 
> interfaces (in this case, management and inline).
> 
> ‘pfdhcplistener’ is not acting as a DHCP server, dhcpd is. ‘pfdhcplistener’ 
> is only listening to DHCP packet for MAC <-> IP association useful in 
> PacketFence.
> 
> If you do a 
> ps uafx | grep dhcpd
> you should see the dhcpd daemon running with only eth0 as listening interface.
> 
> Cheers!
> dw.
> 
> —
> Derek Wuelfrath
> dwuelfr...@inverse.ca :: +1.514.447.491 
> http://1.514.447.491=0=0=0=ba42cf6a7cd18481ec5520d40f0207840b977b09>8
>  (x110) :: +1.866.353.615 
> http://1.866.353.615=0=0=0=af879f62ee1a7599566197d6e2221d8167f40afc>3
>  (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
> PacketFence (www.packetfence.org )
> 
>> On Oct 8, 2015, at 10:42 AM, Chinmay Mahata  
>> wrote:
>> 
>> Hi, 
>> I have setup packetfence(5.4.0) with inline enforcement having below 
>> interface details (LAN: eth0, WAN: eth1).
>> 
>> [interface eth0]
>> enforcement=inlinel2
>> type=internal
>> 
>> [interface eth1]
>> type=management
>> 
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>> pfdhcplistener_eth1.
>> 
>> 
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it 
>> be possible (or it may cause other problem)? Which config item do I need to 
>> modify for that?
>> 
>> Waiting for your help.
>> 
>> Thanks in advance.
>> --Chinmay
>> 
>> 
>> 
>> Get your own FREE website, FREE domain & FREE mobile app with Company email. 
>>  
>>  
>> Know
>>  More > 
>> --
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> 
> 
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
> 
> 
> Get your own FREE website, FREE domain & FREE mobile app with Company email.  
>  
> Know
>  More > 
> 
>

Re: [PacketFence-users] Send remote Suricata sensor alerts to PacketFence via syslog

2015-10-13 Thread Derek Wuelfrath 
Hello Chris,

Sorry, I replied to your first message.

I did exactly what you are looking for, but, using syslog-ng on the remote 
sensor.

- You first need to configure Suricata to log to syslog (i think it is the 
default behavior)

- You then need to configure syslog-ng to send a copy of the Suricata log to 
the PacketFence management IP address
  filter f_suricata { match('suricata:' value("MSGHDR")); };
  destination d_suricata { tcp(“PACKETFENCE_MANAGEMENT_IP"); };
  log { source(s_syslog); filter(f_suricata); destination(d_suricata); };

- You need to allow tcp port 514 on the PacketFence firewall (edit the 
/usr/local/pf/conf/iptables.conf file should be enough)

- Make rsyslog (running on the PacketFence server) to listen for remote syslog 
messages
  Uncomment "$ModLoad imtcp" and "$InputTCPServerRun 514" in /etc/rsyslog.conf

- Make sure alert pipe file exists (/usr/local/pf/var/alert)
  mkfifo /usr/local/pf/var/alert

- Configure rsyslog to log remote Suricata log in alert pipe
  :programname, isequal, "suricata" |/usr/local/pf/var/alert

- Configure trapping on PacketFence
  trapping.detection = enabled
  services.snort = disabled
  services.suricata = disabled

- Remove the following check from pfcmd checkup
  
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/pfcmd/checkup.pm#L298
  Comment lines 298 to 303

- Adapt pfdetect regex.
  https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L103
  Comment lines 103 to 131
  Add the following after 131
  if ( $_ =~ 
/^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+?)\].+?\}\s+(.+?):.+?>\s(.+?):/
 ) {

$date = $1;

$sid = $2;

$descr = $3;

$srcip = $5;

$dstip = $6;

} else {

$logger->warn("unknown input: $_ ");

next;

}

Restart both packetfence and rsyslog

Let me know how it goes.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 8:55 AM, Boley, Chris  wrote:
> 
> I'm looking for the correct information to send syslog based alert data from 
> a remote Suricata sensor to Packet fence. 
> I'm unsure of how to make PacketFence know that it will be getting alerts via 
> syslog . 
> I've tried to find the appropriate documentation regarding this, however it 
> seems a bit hard to locate. 
> Can anyone point me in the correct direction?
> 
> So far I think I would need to change suricata.yaml to reflect the following 
> items (I'd be grateful for any advice there):
> 
> # a line based alerts log similar to fast.log into syslog
>   - syslog:
>  enabled: yes
>   identity: "suricata"
>   facility: local5
>   level: Alert 
> 
> # Define your logging outputs.  If none are defined, or they are all
>  # disabled you will get the default - console output.
>  outputs:
>  - console:
>  enabled: no
>  - file:
>  enabled: yes
>  filename: /var/log/suricata.log
>  - syslog:
>  enabled: yes
>  facility: local5
>  format: "[%i] <%d> -- "
> 
> I'm using vanilla syslogd on FreeBSD as my syslog on the sensor.
> I realize I will have to make some changes to its config to forward the 
> alerts to the PacketFence server.
> I'm not even sure if the syslog format that will be input from suricata to 
> syslogd will be compatible. 
> I might have to manipulate it with a template in the conf file.
> 
> 
> I'm happy to do the reading. 
> I've googled and googled and found not much of any meaningful info where this 
> topic is concerned. 
> I was hoping someone might know of some useful documentation on how to 
> manipulate PacketFence and get it to start acting on Suricata alerts...
> 
> 
> Chris Boley | Network Engineer | Cogentrix Energy Power Management, LLC 
> 
> 
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Send remote Suricata sensor alerts to PacketFence via syslog

2015-10-13 Thread Boley, Chris 
Thanks Derek! I will dig into this and let you know where I land.

-Original Message-
From: packetfence-users-requ...@lists.sourceforge.net 
[mailto:packetfence-users-requ...@lists.sourceforge.net] 
Sent: Tuesday, October 13, 2015 2:38 PM
To: packetfence-users@lists.sourceforge.net
Subject: PacketFence-users Digest, Vol 90, Issue 37

Send PacketFence-users mailing list submissions to
packetfence-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/packetfence-users
or, via email, send a message with subject or body 'help' to
packetfence-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
packetfence-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific than "Re: 
Contents of PacketFence-users digest..."


Today's Topics:

   1. Re: Send remote Suricata sensor alerts to PacketFence via
  syslog (Derek Wuelfrath)
   2. Re: PacketFence-users Digest, Vol 90, Issue 36 (Boley, Chris)
   3. Re: tweaking the create users page (Derek Wuelfrath)


--

Message: 1
Date: Tue, 13 Oct 2015 11:08:07 -0400
From: Derek Wuelfrath 
Subject: Re: [PacketFence-users] Send remote Suricata sensor alerts to
PacketFence via syslog
To: ML PF 
Message-ID: <852d9a2f-31af-446b-806b-5a34d29be...@inverse.ca>
Content-Type: text/plain; charset=utf-8

Hello Chris,

Sorry, I replied to your first message.

I did exactly what you are looking for, but, using syslog-ng on the remote 
sensor.

- You first need to configure Suricata to log to syslog (i think it is the 
default behavior)

- You then need to configure syslog-ng to send a copy of the Suricata log to 
the PacketFence management IP address
  filter f_suricata { match('suricata:' value("MSGHDR")); };
  destination d_suricata { tcp(?PACKETFENCE_MANAGEMENT_IP"); };
  log { source(s_syslog); filter(f_suricata); destination(d_suricata); };

- You need to allow tcp port 514 on the PacketFence firewall (edit the 
/usr/local/pf/conf/iptables.conf file should be enough)

- Make rsyslog (running on the PacketFence server) to listen for remote syslog 
messages
  Uncomment "$ModLoad imtcp" and "$InputTCPServerRun 514" in /etc/rsyslog.conf

- Make sure alert pipe file exists (/usr/local/pf/var/alert)
  mkfifo /usr/local/pf/var/alert

- Configure rsyslog to log remote Suricata log in alert pipe
  :programname, isequal, "suricata" |/usr/local/pf/var/alert

- Configure trapping on PacketFence
  trapping.detection = enabled
  services.snort = disabled
  services.suricata = disabled

- Remove the following check from pfcmd checkup
  
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/pfcmd/checkup.pm#L298
  Comment lines 298 to 303

- Adapt pfdetect regex.
  https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L103
  Comment lines 103 to 131
  Add the following after 131
  if ( $_ =~ 
/^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+?)\].+?\}\s+(.+?):.+?>\s(.+?):/
 ) {

$date = $1;

$sid = $2;

$descr = $3;

$srcip = $5;

$dstip = $6;

} else {

$logger->warn("unknown input: $_ ");

next;

}

Restart both packetfence and rsyslog

Let me know how it goes.

Cheers!
dw.

?
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 8:55 AM, Boley, Chris  wrote:
> 
> I'm looking for the correct information to send syslog based alert data from 
> a remote Suricata sensor to Packet fence. 
> I'm unsure of how to make PacketFence know that it will be getting alerts via 
> syslog . 
> I've tried to find the appropriate documentation regarding this, however it 
> seems a bit hard to locate. 
> Can anyone point me in the correct direction?
> 
> So far I think I would need to change suricata.yaml to reflect the following 
> items (I'd be grateful for any advice there):
> 
> # a line based alerts log similar to fast.log into syslog
>   - syslog:
>  enabled: yes
>   identity: "suricata"
>   facility: local5
>   level: Alert
> 
> # Define your logging outputs.  If none are defined, or they are all  
> # disabled you will get the default - console output.
>  outputs:
>  - console:
>  enabled: no
>  - file:
>  enabled: yes
>  filename: /var/log/suricata.log
>  - syslog:
>  enabled: yes
>  facility: local5
>  format: "[%i] <%d> -- "
> 
> I'm using vanilla syslogd on FreeBSD as my syslog on the sensor.
> I realize I will have to make some changes to its config to forward the 
> alerts to the PacketFence server.
> I'm not even sure if the syslog format that will be input

Re: [PacketFence-users] Packetfence with Cisco Meraki

2015-10-13 Thread Antoine Amacher 

Silas,

Without entering in detail about how the Meraki is sending his requests 
you could do the following.


Configure your controller to send RADIUS requests to PacketFence, and 
then look in the logs/radius.log for message like "Error: Ignoring 
request to authentication address [...] from unknown client [Controller 
@] ...".
You should do that before trying to add the Meraki (in 
Configuration->Switchs), that will give you the IP from where the 
requests are coming from.


From then you need to add the range /24 around this address (in 
Configuration->Switchs) and you should be able to get everything working.


Thanks,

On 10/13/2015 02:36 PM, Sanya Silas wrote:


Thanks Antoine,

I am accessing the webinterface via Meraki Cloud but there is also a 
smaller local page on the Meraki accessible by using my.Meraki.com 
 while connected to the AP which I am able to 
resolve to an IP. Would this be the IP of the cloud controller or 
local AP web interface?


Kind Regards,
Sanya Silas

Hello Silas,

The documentation to configure the Meraki with PacketFence is 
available here(p94-95):


http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.4.0.pdf

The IP of the Meraki should be the IP of management you are using to 
connect the webinterface of the Meraki.


Thank you,

On 10/12/2015 04:02 PM, Silas Namenya wrote:


Hi,

We are new to packetfence and trying to setup packetfence with Meraki 
access points in webauth mode. Stuck at the point where to add switch 
on Packetfence config to add the new AP. How do I go about this 
setup, what is the IP of Meraki cloud controller and do I need more 
setting to get this working. Anybody tried Meraki with packetfence? 
See pic attached


What i want to understand is what IP address to use for the Meraki 
Cloud controller and if there are any config requirements for RADIUS, 
SNMP e.t.c to make this work with Meraki.


Any pointer to documentation on this will be most appreciated

Kind Regards,
Sanya Silas.


The contents of this electronic mail message and any attachments are 
confidential and may be legally privileged and protected from 
discovery or disclosure. This message is intended only for the 
personal and confidential use of the intended addressee. If you have 
received this message in error, you are not authorised to view, 
disseminate, distribute or copy this message or any part of it 
without our consent, and you are requested to return it to the sender 
immediately and delete all copies from your system.


The Copy Cat Ltd cannot guarantee that this message or any attachment 
is virus free, does not contain malicious code or is incompatible 
with your electronic system and does not accept liability in respect 
of viruses, malicious code or any related problems that you might 
experience.


Unless specifically stated, any views expressed may not necessarily 
be the Company but that of the sender.




--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 


https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca    ::  +1.514.447.4918 *130  
::www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
PacketFence (www.packetfence.org )

--

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net 


https://lists.sourceforge.net/lists/listinfo/packetfence-users



--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  +1.514.447.4918 *130  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek Wuelfrath)

2015-10-13 Thread Boley, Chris 
Sorry Derek, I neglected to follow the directions regarding subject line the 
first time round.

It's vanilla FreeBSD 10.2 with Suricata running. It is not a combination of 
softwares. Thanks for your response.

-Original Message-
From: packetfence-users-requ...@lists.sourceforge.net 
[mailto:packetfence-users-requ...@lists.sourceforge.net] 
Sent: Tuesday, October 13, 2015 10:53 AM
To: packetfence-users@lists.sourceforge.net
Subject: PacketFence-users Digest, Vol 90, Issue 36

Send PacketFence-users mailing list submissions to
packetfence-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/packetfence-users
or, via email, send a message with subject or body 'help' to
packetfence-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
packetfence-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific than "Re: 
Contents of PacketFence-users digest..."


Today's Topics:

   1. Re: Suricata alerts to Packet Fence (Derek Wuelfrath)
   2. Re: pfdhcplistener (Derek Wuelfrath)


--

Message: 1
Date: Tue, 13 Oct 2015 10:41:05 -0400
From: Derek Wuelfrath 
Subject: Re: [PacketFence-users] Suricata alerts to Packet Fence
To: ML PF 
Message-ID: <6c92c7d1-0d78-42df-be14-410dc28c8...@inverse.ca>
Content-Type: text/plain; charset="utf-8"

Hello Chris,

Are you running Suricata on a separate box (I assume). Are you running it 
standalone or withing a security suite (SecurityOnion per example).

Let me know

Cheers!
dw.

?
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 9, 2015, at 5:05 PM, Boley, Chris  wrote:
> 
> Does anyone happen to know where I can find info on sending suricata alert 
> events over to Packet Fence?
>  
>  
> Chris Boley | Network Engineer | Cogentrix Energy Power Management, 
> LLC
> 
>  
> --
>  ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
-- next part --
An HTML attachment was scrubbed...

--

Message: 2
Date: Tue, 13 Oct 2015 10:52:22 -0400
From: Derek Wuelfrath 
Subject: Re: [PacketFence-users] pfdhcplistener
To: ML PF 
Message-ID: <79229123-87df-4f2f-83ab-3231b5525...@inverse.ca>
Content-Type: text/plain; charset="utf-8"

Hello Chinmay,

I?m looking at it and I?ll get back to you.

Cheers!
dw.

?
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata  
> wrote:
> 
> Dear Derek,
> Any thought on my issue.
> 
> Regards,
> --Chinmay
> 
> 
> 
> From: "Chinmay Mahata" 
> Sent: Fri, 09 Oct 2015 18:13:36
> To: "packetfence-users@lists.sourceforge.net" 
> 
> Subject: Re: [PacketFence-users] pfdhcplistener Dear Derek,
>  Thanks for your quick response.   I think I could not describe my 
> problem/query properly.
> 
> DHCPD is running on only one interface (eth0) of my PF server, no issue with 
> that.
> 
> Actually at the WAN side (upstream) of my PF server there is another DHCP 
> server is running (though PF server WAN has static IP). Since pfdhcplistener 
> is running at eth1(WAN) also, in the node (web)page I can see many 
> unregistered nodes of WAN network which I don't want.
> 
> I want to see only those nodes in the webpage which are under PF server 
> and who are getting IP addresses from DHCP server running in PF server (on 
> eth0). Hope pfdhcplistener on eth0 only can catch those. 
> 
> So I want to run only one instance of pfdhcplistener on interface eth0 
> (pfdhcplistener_eth0). Please let me know how can I do that.
> 
> Thanks again Derek.
> 
> Regards,
> --Chinmay
> 
> 
> 
> 
> 
> From: Derek Wuelfrath 
> Sent: Thu, 08 Oct 2015 22:11:09
> To: ML PF 
> Subject: Re: [PacketFence-users] pfdhcplistener Chinmay,
> 
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>> pfdhcplistener_eth1.
>> 
>> 
>> But I want to run only one

Re: [PacketFence-users] tweaking the create users page

2015-10-13 Thread Derek Wuelfrath 
Andi,

What is the “expiration” action type ?

Can you send me the whole file so I see what you are trying to do.

If you try to hide the “registration window” section use the followings:




For the “actions” section, the followings:







Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 9:22 AM, Morris, Andi  wrote:
> 
> Thanks Derek,
> That’s been a really big help and I’m nearly there. What is the format for 
> the date field? I’ve tried the following, but I get errors:
>  
> 
> 
>  
> The errors I get when creating a user are:
> Error! Expiration field is required
> Error! ‘expiration’ is not a valid value
>  
> The values for dates I’ve tried are:
> “-mm-dd”
> “/mm/dd”
> “-mm-dd hh:mm”
> “/mm/dd hh:mm”
>  
> Cheers,
> Andi
>  
>  
> From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca] 
> Sent: 08 October 2015 18:00
> To: ML PF 
> Subject: Re: [PacketFence-users] tweaking the create users page
>  
> I’ll keep looking for ways to give the users a default unreg date.
>  
> Here’s how I usually do it:
>  
> 
> 
> 
> Cheers!
> dw.
>  
> —
> Derek Wuelfrath
> dwuelfr...@inverse.ca  :: +1.514.447.4918 
> (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) and 
> PacketFence (www.packetfence.org )
>  
> On Oct 8, 2015, at 12:04 PM, Morris, Andi  > wrote:
>  
> Aha, I found the Actions array in /lib/pf/Authentication/constants.pm and 
> changed the order. That means that the Actions now shows ‘Set access 
> duration’ by default on the create screen, perfect.
>  
> I’ll keep looking for ways to give the users a default unreg date.
>  
> Cheers,
> Andi
>  
> From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk 
> ] 
> Sent: 08 October 2015 16:32
> To: packetfence-users@lists.sourceforge.net 
> 
> Subject: Re: [PacketFence-users] tweaking the create users page
>  
> Thanks Derek,
> I can see how that would work for a simple field such as Name, but I can’t 
> work it out for the unregistration date.
>  
>   77   
>  <>   78 [% l('Registration 
> Window') %]
>  <>   79 
>  <>   80   [% form.field('valid_from').render_element | none %]  class="icon-arrow-right">
>  <>   81   [% form.field('expiration').render_element | none %]
>  <>   82 
>  <>   83   
>  
>  
> I still need to swap access duration for the set role action too.
>  
>85   
>  <>   86 [% l('Actions') %]
>  <>   87 
>  <>   88   
>  <>   89 
>  <>   90   [% FOREACH action IN form.field('actions').fields -%]
>  <>   91

Re: [PacketFence-users] tweaking the create users page

2015-10-13 Thread Morris, Andi 
Aha, I think I now see that this is not because of the format of the date, but 
because the ‘expiration’ field isn’t declared as an Action.

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 13 October 2015 14:33
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] tweaking the create users page

Thanks Derek,
That’s been a really big help and I’m nearly there. What is the format for the 
date field? I’ve tried the following, but I get errors:




The errors I get when creating a user are:
Error! Expiration field is required
Error! ‘expiration’ is not a valid value

The values for dates I’ve tried are:
“-mm-dd”
“/mm/dd”
“-mm-dd hh:mm”
“/mm/dd hh:mm”

Cheers,
Andi


From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca]
Sent: 08 October 2015 18:00
To: ML PF 
>
Subject: Re: [PacketFence-users] tweaking the create users page

I’ll keep looking for ways to give the users a default unreg date.

Here’s how I usually do it:




Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) 
:: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Oct 8, 2015, at 12:04 PM, Morris, Andi 
> wrote:

Aha, I found the Actions array in /lib/pf/Authentication/constants.pm and 
changed the order. That means that the Actions now shows ‘Set access duration’ 
by default on the create screen, perfect.

I’ll keep looking for ways to give the users a default unreg date.

Cheers,
Andi

From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 08 October 2015 16:32
To: 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] tweaking the create users page

Thanks Derek,
I can see how that would work for a simple field such as Name, but I can’t work 
it out for the unregistration date.

  77   
   78 [% l('Registration 
Window') %]
   79 
   80   [% form.field('valid_from').render_element | none %] 
   81   [% form.field('expiration').render_element | none %]
   82 
   83   


I still need to swap access duration for the set role action too.


   85   

   86 [% l('Actions') %]

   87 

   88   

   89 

   90   [% FOREACH action IN form.field('actions').fields -%]

   91

Re: [PacketFence-users] PacketFence-users Digest, Vol 90, Issue 36

2015-10-13 Thread Boley, Chris 
Derek, yes it's a separate unit. FreeBSD 10.2 with Suricata running on it. No 
special suite of softwares. It's just the Suricata install.

-Original Message-
From: packetfence-users-requ...@lists.sourceforge.net 
[mailto:packetfence-users-requ...@lists.sourceforge.net] 
Sent: Tuesday, October 13, 2015 10:53 AM
To: packetfence-users@lists.sourceforge.net
Subject: PacketFence-users Digest, Vol 90, Issue 36

Send PacketFence-users mailing list submissions to
packetfence-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/packetfence-users
or, via email, send a message with subject or body 'help' to
packetfence-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
packetfence-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific than "Re: 
Contents of PacketFence-users digest..."


Today's Topics:

   1. Re: Suricata alerts to Packet Fence (Derek Wuelfrath)
   2. Re: pfdhcplistener (Derek Wuelfrath)


--

Message: 1
Date: Tue, 13 Oct 2015 10:41:05 -0400
From: Derek Wuelfrath 
Subject: Re: [PacketFence-users] Suricata alerts to Packet Fence
To: ML PF 
Message-ID: <6c92c7d1-0d78-42df-be14-410dc28c8...@inverse.ca>
Content-Type: text/plain; charset="utf-8"

Hello Chris,

Are you running Suricata on a separate box (I assume). Are you running it 
standalone or withing a security suite (SecurityOnion per example).

Let me know

Cheers!
dw.

?
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 9, 2015, at 5:05 PM, Boley, Chris  wrote:
> 
> Does anyone happen to know where I can find info on sending suricata alert 
> events over to Packet Fence?
>  
>  
> Chris Boley | Network Engineer | Cogentrix Energy Power Management, 
> LLC
> 
>  
> --
>  ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
-- next part --
An HTML attachment was scrubbed...

--

Message: 2
Date: Tue, 13 Oct 2015 10:52:22 -0400
From: Derek Wuelfrath 
Subject: Re: [PacketFence-users] pfdhcplistener
To: ML PF 
Message-ID: <79229123-87df-4f2f-83ab-3231b5525...@inverse.ca>
Content-Type: text/plain; charset="utf-8"

Hello Chinmay,

I?m looking at it and I?ll get back to you.

Cheers!
dw.

?
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata  
> wrote:
> 
> Dear Derek,
> Any thought on my issue.
> 
> Regards,
> --Chinmay
> 
> 
> 
> From: "Chinmay Mahata" 
> Sent: Fri, 09 Oct 2015 18:13:36
> To: "packetfence-users@lists.sourceforge.net" 
> 
> Subject: Re: [PacketFence-users] pfdhcplistener Dear Derek,
>  Thanks for your quick response.   I think I could not describe my 
> problem/query properly.
> 
> DHCPD is running on only one interface (eth0) of my PF server, no issue with 
> that.
> 
> Actually at the WAN side (upstream) of my PF server there is another DHCP 
> server is running (though PF server WAN has static IP). Since pfdhcplistener 
> is running at eth1(WAN) also, in the node (web)page I can see many 
> unregistered nodes of WAN network which I don't want.
> 
> I want to see only those nodes in the webpage which are under PF server 
> and who are getting IP addresses from DHCP server running in PF server (on 
> eth0). Hope pfdhcplistener on eth0 only can catch those. 
> 
> So I want to run only one instance of pfdhcplistener on interface eth0 
> (pfdhcplistener_eth0). Please let me know how can I do that.
> 
> Thanks again Derek.
> 
> Regards,
> --Chinmay
> 
> 
> 
> 
> 
> From: Derek Wuelfrath 
> Sent: Thu, 08 Oct 2015 22:11:09
> To: ML PF 
> Subject: Re: [PacketFence-users] pfdhcplistener Chinmay,
> 
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, 
>> pfdhcplistener_eth1.
>> 
>> 
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it 
>> be possible (or it may cause

Re: [PacketFence-users] Packetfence with Cisco Meraki

2015-10-13 Thread Sanya Silas 
Thanks Antoine,

I am accessing the webinterface via Meraki Cloud but there is also a
smaller local page on the Meraki accessible by using my.Meraki.com while
connected to the AP which I am able to resolve to an IP. Would this be the
IP of the cloud controller or local AP web interface?

Kind Regards,
Sanya Silas
Hello Silas,

The documentation to configure the Meraki with PacketFence is available
here(p94-95):

http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.4.0.pdf

The IP of the Meraki should be the IP of management you are using to
connect the webinterface of the Meraki.

Thank you,

On 10/12/2015 04:02 PM, Silas Namenya wrote:

Hi,

We are new to packetfence and trying to setup packetfence with Meraki
access points in webauth mode. Stuck at the point where to add switch on
Packetfence config to add the new AP. How do I go about this setup, what is
the IP of Meraki cloud controller and do I need more setting to get this
working. Anybody tried Meraki with packetfence? See pic attached

What i want to understand is what IP address to use for the Meraki Cloud
controller and if there are any config requirements for RADIUS, SNMP e.t.c
to make this work with Meraki.

Any pointer to documentation on this will be most appreciated

Kind Regards,
Sanya Silas.

The contents of this electronic mail message and any attachments are
confidential and may be legally privileged and protected from discovery or
disclosure. This message is intended only for the personal and confidential
use of the intended addressee. If you have received this message in error,
you are not authorised to view, disseminate, distribute or copy this
message or any part of it without our consent, and you are requested to
return it to the sender immediately and delete all copies from your system.

The Copy Cat Ltd cannot guarantee that this message or any attachment is
virus free, does not contain malicious code or is incompatible with your
electronic system and does not accept liability in respect of viruses,
malicious code or any related problems that you might experience.

Unless specifically stated, any views expressed may not necessarily be the
Company but that of the sender.


--



___
PacketFence-users mailing
listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Antoine amacheraamac...@inverse.ca  ::  +1.514.447.4918 *130  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)


--

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcpd service not starting

2015-10-13 Thread Morgan, Darren 
Thanks Fabrice,

Worked perfectly.

Regards

Darren

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 12 October 2015 19:19
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] dhcpd service not starting

Hello Darren,

it looks that you define manually the isolation and registration network in 
dhcpd.conf (in /usr/local/pf/conf/).
The dhcp configuration is managed by pf and it generate a file in 
var/conf/dhcpd.conf, so remove the 2 scopes you defined manually and do a:
bin/pfcmd configreload hard
bin/pfcmd service dhcpd restart

Regards
Fabrice


Le 2015-10-12 12:03, Morgan, Darren a écrit :
Hi,

We are trialing PF but cannot get the dhcpd service to run.  It shows the 
following errors on startup (dhcpd.conf and networks.conf copied in after 
errors);

nternet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/usr/local/pf/var/conf/dhcpd.conf line 48: range declaration not allowed here.
  range
   ^
/usr/local/pf/var/conf/dhcpd.conf line 50: expecting a declaration
  max-lease-time 30;
^
/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.10 is declared 
twice!
  range 192.168.120.10 192.168.120.246;
   ^
/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.11 is declared 
twice!
  range 192.168.120.10 192.168.120.246;
   ^
##  lots of lines cut out ##

/usr/local/pf/var/conf/dhcpd.conf line 57: lease 192.168.120.246 is declared 
twice!
  range 192.168.120.10 192.168.120.246;

Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the CentOS Bugs Database:
http://bugs.centos.org/

exiting.
dhcpd|not started 0m

###
dhcpd.conf
###
# dhcpd configuration
# This file is manipulated on PacketFence's startup before being given to dhcpd
authoritative;
ddns-update-style none;
ignore client-updates;
#// Registration network definition
subnet 192.168.120.0 netmask 255.255.255.0 {
   option routers 192.168.100.42;
   option subnet-mask 255.255.255.0;
   option domain-name "oundleschool.local";
   option domain-name-servers 192.168.100.42;
   range 192.168.120.10 192.168.120.249;
   default-lease-time 300;
   max-lease-time 300;
}

#// Isolation network definition
subnet 192.168.130.0 netmask 255.255.255.0 {
   option routers 192.168.100.43;
   option subnet-mask 255.255.255.0;
   option domain-name "isolation.oundleschool.local";
   option domain-name-servers 192.168.100.43;
   range 192.168.130.10 192.168.130.249;
   default-lease-time 300;
   max-lease-time 300;
}
log-facility local6;

%%omapi%%

%%active%%

%%networks%%


##
networks.conf
##
[192.168.130.0]
dns=192.168.130.1
dhcp_start=192.168.130.10
gateway=192.168.130.1
domain-name=vlan-isolation.oundleschool.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.130.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30

[192.168.120.0]
dns=192.168.120.1
dhcp_start=192.168.120.10
gateway=192.168.120.1
domain-name=vlan-registration.oundleschool.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.120.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30

Any ideas?

Darren Morgan
Systems Manager
Oundle School
Tel: 01832 277349
ü Please consider the environment before printing this e-mail




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk





Scanned by iCritical.






--




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Out of band without VLAN/switch config - only firewall

2015-10-13 Thread Durand fabrice 

Hello Bjorn,

there is probably a way to configure the palo alto firewall to use a 
captive portal.
I found this documentation 
https://live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/ConfigurationArticles/920/1/How%20to%20Configure%20Captive%20Portal.pdf 
and you probably be able to use the redirect method and forward to 
packetfence portal.


Regards
Fabrice

Le 2015-10-13 07:06, Björn Frostberg a écrit :

Hi,

Been trying to read the documentation but don't quite get if it's 
possible or "easy" to deploy Packetfence with firewall only 
integration. I basically only want user to sign in to a portal and 
when OK, API call to firewall to allow that user's IP. Using mainly 
Palo Alto FW.


No integration to AP nor switch.

Regards, Bjorn



--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

2015-10-13 Thread ismael flavio silva 
hello,

ok.. works :)

thanks

I have a question...

I was using the PF 5.3.1 and wanted to use nessus to scan the client

They said they needed a patch

on the PF 5.4.0 i need it?

here the patch:
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff
 
So in /usr/local/pf/ do:
wget
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff
 
patch -p1 --dry-run < 647.diff
patch -p1 < 647.diff
 
rpm -ivh
http://inverse.ca/downloads/PacketFence/RHEL6/devel/x86_64/RPMS/perl-Net-Nessus-REST-0.2-3.4.noarch.rpm
 
"Then restart packetfence , when it's done go in scan engine and you will
see a new scan engine nessus6."

sorry my bad english :)

Thanks

From: lmu...@inverse.ca
Date: Mon, 12 Oct 2015 07:42:32 -0400
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

That bug is fixed in maintenance.
Run 
# perl /usr/local/pf/addons/pf-maint.pl

Why are you starting those services?Unless you use port security you should not 
need them.

--Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


On Oct 10, 2015, at 21:40 , ismael flavio silva  
wrote:Hello I am installing pf 5:40 to enforce vlan when selected the pfsetvan 
and snmptrapd to start, it displays this error packefence.log ERROR: Failed to 
load module pf :: Switch :: packetfence: packetfence (mp :: :: SwitchFactory 
getModule) ERROR: Can not load perl module switch is 127.0.0.1, type: 
packetfence. The type is unknown or perl module has compilation errors (please 
SwitchFactory :: :: _ ANON__) pfcmd.pl (4740) FATAL: Can't call mothod "new" on 
an undefined value at /usr/local/pf/lib/pf/SwitchFactory.pm line 165 at the 
first start all ok. I deleted the switch´s default and added my swicth. Not 
work anymore :( 
Thanks--___PacketFence-users
 mailing 
listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users  
  --
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

2015-10-13 Thread Durand fabrice 

Hello,

yes you need to apply the patch.

Regards
Fabrice


Le 2015-10-13 17:50, ismael flavio silva a écrit :

hello,

ok.. works :)

thanks

I have a question...

I was using the PF 5.3.1 and wanted to use nessus to scan the client

They said they needed a patch

on the PF 5.4.0 i need it?

here the patch:
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff

So in /usr/local/pf/ do:
wget
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/647.diff

patch -p1 --dry-run < 647.diff
patch -p1 < 647.diff

rpm -ivh
http://inverse.ca/downloads/PacketFence/RHEL6/devel/x86_64/RPMS/perl-Net-Nessus-REST-0.2-3.4.noarch.rpm

"Then restart packetfence , when it's done go in scan engine and you will
see a new scan engine nessus6."

sorry my bad english :)

Thanks


From: lmu...@inverse.ca
Date: Mon, 12 Oct 2015 07:42:32 -0400
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PF 5.40 pfsetvlan and snmptrapd BUG

That bug is fixed in maintenance.

Run

# perl /usr/local/pf/addons/pf-maint.pl


Why are you starting those services?
Unless you use port security you should not need them.

--
Louis Munro
lmu...@inverse.ca   :: www.inverse.ca 


+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) 
and PacketFence (www.packetfence.org )


On Oct 10, 2015, at 21:40 , ismael flavio silva
> wrote:

Hello
I am installing pf 5:40 to enforce vlan
when selected the pfsetvan and snmptrapd to start, it displays
this error
packefence.log
ERROR: Failed to load module pf :: Switch :: packetfence:
packetfence (mp :: :: SwitchFactory getModule)
ERROR: Can not load perl module switch is 127.0.0.1, type:
packetfence. The type is unknown or perl module has compilation
errors (please SwitchFactory :: :: _ ANON__)
pfcmd.pl (4740) FATAL: Can't call mothod "new" on an undefined
value at /usr/local/pf/lib/pf/SwitchFactory.pm line 165
at the first start all ok. I deleted the switch´s default and
added my swicth. Not work anymore :(
Thanks

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
___ PacketFence-users 
mailing list PacketFence-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence with Cisco Meraki

2015-10-13 Thread Michael Stone 
Hi,

I am also trying to get PF working with Meraki and have followed the 
instructions provided by Antoine.

Everything seems to be configured correctly including the cloud IP address but 
I'm getting the following error in packetfence.log.

Oct 14 11:35:02 httpd.portal(886) ERROR: Accessing hash config::Switch with 
undef key. Caller : pf::SwitchFactory::instantiate. 
(pfconfig::cached_hash::FETCH) (pfconfig::cached_hash::FETCH)
Oct 14 11:35:02 httpd.portal(886) ERROR: WARNING ! Unknown switch(es)  
(pf::SwitchFactory::instantiate)

Any suggestions would be appreciated.

Thanks,

Michael Stone
--

Message: 2
Date: Tue, 13 Oct 2015 21:36:23 +0300
From: Sanya Silas >
Subject: Re: [PacketFence-users] Packetfence with Cisco Meraki
To: 
packetfence-users@lists.sourceforge.net
Message-ID:
>
Content-Type: text/plain; charset="utf-8"

Thanks Antoine,

I am accessing the webinterface via Meraki Cloud but there is also a
smaller local page on the Meraki accessible by using my.Meraki.com while
connected to the AP which I am able to resolve to an IP. Would this be the
IP of the cloud controller or local AP web interface?

Kind Regards,
Sanya Silas
Hello Silas,

The documentation to configure the Meraki with PacketFence is available
here(p94-95):

http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.4.0.pdf

The IP of the Meraki should be the IP of management you are using to
connect the webinterface of the Meraki.

Thank you,


Invigor Group Limited is a company registered in Australia (ABN 75 081 368 
274). This email and any attachments are intended solely for the use of the 
addressee(s) and may contain information that is confidential, subject to 
copyright and subject to legal professional privilege. If you have received 
this email in error, please notify the sender immediately, delete it and 
destroy all copies. Any views expressed are those of the individual sender 
unless expressly stated otherwise. In respect of this email and any 
attachments, to the extent permitted by law, no warranty is given and all 
liability is excluded,including, without limitation, liability for any loss or 
damage caused by way of computer virus, defect, delay, or interruption.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users