[PacketFence-users] Empirical value for inline bandwith

[g4-lisz]

Hi all.

I wonder if there is some empirical value on how many concurrent 
connections can run over a virtual machine with Packetfence in inline 
(level 2) mode. Let's assume that the internet connection is not the 
bottleneck...

Best wishes,
Till

--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Auto registration

[Durand fabrice]

Hi Anton,

in fact the role name in AutoRegister scope doesn't really matter, it 
just have to exist (to return True)
If the AutoRegister scope return something then the next step is 
NodeInfoForAutoReg.
In this scope (NodeInfoForAutoReg) packetfence  will try to instantiate 
a portal profile to compute the role.


So if you have no rule that match in NodeInfoForAutoReg then you will 
have to create a portal profile that will match on specific parameter 
(like the SSID).


Don't forget that in the NodeInfoForAutoReg scope is the device never 
registered then there is no node.category.


Regards
Fabrice



Le 2016-05-20 02:24, Anton Dreyer a écrit :


Hi Fabrice

Thanks for taking the time to answer.

This is exactly what I am not sure how to accomplish. I have 2x AD 
sources in the portal profile. Is It possible to set the 2 roles in 
the auto register portion? By doing


/[1:normalnetwork]/

/scope = AutoRegister/

/role = admin_wlan/

do you not set everyone to admin_wlan? How do I manage to 
differentiate between the roles/sources?


Thanks again

Regards

Anton

*From:*Fabrice Durand [mailto:fdur...@inverse.ca]
*Sent:* Thursday, 19 May 2016 4:27 PM
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] Auto registration

Hello Anton,

the fact is the role in not yet set in the AutoRegister scope:

[1:normalnetwork_staff]

scope = AutoRegister

role = admin_wlan

[2:normalnetwork_student]

scope = AutoRegister

role = student_wlan


So do that instead:

[1:normalnetwork]

scope = AutoRegister

role = admin_wlan

And when it will go in the normal flow (NodeInfoForAutoReg after 
AutoRegister) it will try to instantiate the portal (Filter 
SSID:ess_pf_Dot1x) and try to match with you AD source.
Of course you must have a portal profile with SSID:ess_pf_Dot1x and 
assign the AD source on it.


Regards
Fabrice

Le 2016-05-19 09:44, Anton Dreyer a écrit :

Good day

I was hoping I could get a little assistance regarding auto
registration on the 802.1x network (skipping the whole portal part)

The examples for auto registration I have found seem to have a
single, default role. You guys helped me to put together the top
part of the filter below a couple of months ago to deregister
someone connecting to the open network:

Would it be a terrible ask to help writing a filter to
autoregister on the secure ssid? I am guessing it would look
something like this?:

[regnetwork]

filter = ssid

operator = is

value = ess_pf_MacAuth

[is_staff]

filter = node_info.category

operator = is

value = admin_wlan

[is_student]

filter = node_info.category

operator = is

value = student_wlan

#unregister all staff nodes when connecting to open ssid

[unregnode:regnetwork_staff]

scope = NormalVlan

role = registration

action = deregister_node

action_param = mac = $mac

#unregister all student nodes when connecting to open ssid

[unregnode:regnetwork_student]

scope = NormalVlan

role = registration

action = deregister_node

#  the code above works, new code below


#autoregister on Dot1x

[normalnetwork]

filter = ssid

operator = is

value = ess_pf_Dot1x

[1:normalnetwork_staff]

scope = AutoRegister

role = admin_wlan

[2:normalnetwork_student]

scope = AutoRegister

role = student_wlan

[autoreg]

filter = node_info

attribute = autoreg

operator = match

value = yes

[3:autoreg]

scope = NormalVlan

action = register_node

action_param = mac = $mac

---

Thanks in advance!

Anton





--

Mobile security can be enabling, not merely restricting. Employees who

bring their own devices (BYOD) to work are irked by the imposition of MDM

restrictions. Mobile Device Manager Plus allows you to control only the

apps on BYO-devices by containerizing them, leaving personal data untouched!

https://ad.doubleclick.net/ddm/clk/304595813;131938128;j




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net


https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca   ::  +1.514.447.4918 (x135) 
::www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by 

[PacketFence-users] E-Mail registration problem

[Torry, Andrew]

When a user register a device via an E-Mail address the PF 6 database
node entry Is updated with the configured unregdate set based on the
the authentication.conf:email_activation_timeout value which we have
set to 5minutes.

There are two problems we have found:-

The activation E-Mail that is sent to the user is hard coded in the
conf/templates/emails-guest_email_activation.html file
to say

'Failure to do so within 10 minutes will result in a termination...'

It makes no attempt to refer to the above configuration variable
at all.

When the activation link is followed the database is NOT updated with a
new 'unregdate' by the file

html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm

Which refers to a value that does not exist giving the following log message:-

packetfence.log:May 20 14:09:49 httpd.portal(979) WARN: [mac:00:26:c7:3b:b2:6e] 
Use of
uninitialized value $unregdate in concatenation (.) or string at
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
 line 93.

The result is that the user ends up with an unregdate of -00-00 00:00:00 
and has network access
for an indefinite period of time and is never 'unregistered'

Andrew
--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive Portal Disclaimer Text

[Antoine Amacher]

Hello Manfred,

you can change it in 
/usr/local/pf/html/captive-portal/templates/aup_text.html


Thank you.

On 05/20/2016 03:45 AM, Schannen, Manfred wrote:


Hello,

i´m testing ZEN 6.0.1, VMWare, and i am looking fort he file where the

„disclaimer text“ can be changed?

Thanks



--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  +1.514.447.4918 *130  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] ZEN Web Interface Problems

[Schannen, Manfred]

Hi Valentin Aubert,

stop iptables:

Service iptables stop

try again to reach the Webinterface




smime.p7s
Description: S/MIME cryptographic signature
--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Captive Portal Disclaimer Text

[Schannen, Manfred]

Hello,
i´m testing ZEN 6.0.1, VMWare, and i am looking fort he file where the
"disclaimer text" can be changed?

Thanks


smime.p7s
Description: S/MIME cryptographic signature
--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Auto registration

[Anton Dreyer]

Hi Fabrice

Thanks for taking the time to answer.

This is exactly what I am not sure how to accomplish. I have 2x AD sources in 
the portal profile. Is It possible to set the 2 roles in the auto register 
portion? By doing

[1:normalnetwork]
scope = AutoRegister
role = admin_wlan

do you not set everyone to admin_wlan? How do I manage to differentiate between 
the roles/sources?

Thanks again

Regards
Anton

From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Thursday, 19 May 2016 4:27 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Auto registration

Hello Anton,

the fact is the role in not yet set in the AutoRegister scope:

[1:normalnetwork_staff]
scope = AutoRegister
role = admin_wlan

[2:normalnetwork_student]
scope = AutoRegister
role = student_wlan


So do that instead:
[1:normalnetwork]
scope = AutoRegister
role = admin_wlan

And when it will go in the normal flow (NodeInfoForAutoReg after AutoRegister) 
it will try to instantiate the portal (Filter SSID:ess_pf_Dot1x) and try to 
match with you AD source.
Of course you must have a portal profile with SSID:ess_pf_Dot1x and assign the 
AD source on it.

Regards
Fabrice
Le 2016-05-19 09:44, Anton Dreyer a écrit :
Good day

I was hoping I could get a little assistance regarding auto registration on the 
802.1x network (skipping the whole portal part)
The examples for auto registration I have found seem to have a single, default 
role. You guys helped me to put together the top part of the filter below a 
couple of months ago to deregister someone connecting to the open network:
Would it be a terrible ask to help writing a filter to autoregister on the 
secure ssid? I am guessing it would look something like this?:

[regnetwork]
filter = ssid
operator = is
value = ess_pf_MacAuth

[is_staff]
filter = node_info.category
operator = is
value = admin_wlan

[is_student]
filter = node_info.category
operator = is
value = student_wlan

#unregister all staff nodes when connecting to open ssid
[unregnode:regnetwork_staff]
scope = NormalVlan
role = registration
action = deregister_node
action_param = mac = $mac

#unregister all student nodes when connecting to open ssid
[unregnode:regnetwork_student]
scope = NormalVlan
role = registration
action = deregister_node

#  the code above works, new code below 

#autoregister on Dot1x
[normalnetwork]
filter = ssid
operator = is
value = ess_pf_Dot1x

[1:normalnetwork_staff]
scope = AutoRegister
role = admin_wlan

[2:normalnetwork_student]
scope = AutoRegister
role = student_wlan

[autoreg]
filter = node_info
attribute = autoreg
operator = match
value = yes

[3:autoreg]
scope = NormalVlan
action = register_node
action_param = mac = $mac


---

Thanks in advance!

Anton




--

Mobile security can be enabling, not merely restricting. Employees who

bring their own devices (BYOD) to work are irked by the imposition of MDM

restrictions. Mobile Device Manager Plus allows you to control only the

apps on BYO-devices by containerizing them, leaving personal data untouched!

https://ad.doubleclick.net/ddm/clk/304595813;131938128;j




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  
www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users