[PacketFence-users] monit setup guide for PF

2016-10-13 Thread Sallee, Jake 
Does anyone have a setup guide for using monit with Packetfence?

I know it can be done, but I can't seem to find any docs on it.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] web configurator - I dun goofed

2016-10-13 Thread Jason Skretta 

I think I ran into this also when I was doing a setup on PF 5.5.2 once.  From 
some notes I have:



Did the installation with YUM and when that was complete then tried going to

https://:1443/configurator

but was unable to load the page.



Used SSH to log into the box, become root, then I ran the command 
/etc/init.d/mysqld start

  (I suppose you could use "ps" to check if there are any mysql processes 
running before trying this ? )

MySQL spit out some output and talked about setting up the PW for the root 
user..


so then when the cmd prompt came back (I got two [  OK  ] indicators) I did 
these:


/usr/bin/mysqladmin -u root password 'newpass'

/usr/bin/mysqladmin -u root -h  password 'newpass'


and there was no output after either command, but it looked like it worked fine 
(no errors anyway).

So then I did this, per the suggestion in the original "mysqld start" output:


/usr/bin/mysql_secure_installation


Since I already setup the root PW, I said N to that question, but Y on the rest.

Once all that finished, I was able to go to


https://:1443/configurator


and it seemed to work OK from there.  I was able to complete the "Step 3 - 
Database Configuration" portion on the configurator with no problem.




So this is what worked for me.  Other people may have better or more 
appropriate suggestions.


Jason Skretta
Systems Support Specialist
Ames Laboratory   www.ameslab.gov
jskre...@ameslab.gov








On 10/13/2016 11:55 AM, Sallee, Jake wrote:
>
> I need to get to the web configurator ... but I kinda messed up.
>
> I went through the normal install procedure (Install OS -> install updates -> 
> install PF)
>
> Here is where I goofed: I rebooted the server because it installed a new 
> kernel.  Now I can't get to the web configurator.
>
> I tried making sure the packetfence-config and packetfence services are 
> started (they are) but the server is not listening on port 1443.
>
> The only service that is running is the httpd.admin service (all the other 
> services fail to start) and when I try to start the pf services i get an 
> error starting mysql ... since ... you know ... I haven't set it up yet.
>
> How do I proceed?
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence not logging SNMP mac-learned

2016-10-13 Thread Beyioku, Ola 
HI All,

I am also getting the following INFO messages as well in PacketFence.log

Up trap received on (x.x.x.x) ifindex 1 which is not ethernetCsmacd 
(pf::role::doWeActOnThisTrap)

doWeActOnThisTrap returns false. Stop up handling (main::handleTrap)

finished (main::cleanupAfterThread)

Any help pointing me in the right direction would be highly appreciated.

Thanks

RagnaL
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] web configurator - I dun goofed

2016-10-13 Thread Derek Wuelfrath 
Jake, my man !

Can you check if you have the ‘/usr/local/pf/conf/currently-at’ file and what 
is the content ?

Cheers!
-dw.

—
Derek Wuelfrath
de...@inverse.ca 
> On Oct 13, 2016, at 12:55, Sallee, Jake  wrote:
> 
> I need to get to the web configurator ... but I kinda messed up.
> 
> I went through the normal install procedure (Install OS -> install updates -> 
> install PF)
> 
> Here is where I goofed: I rebooted the server because it installed a new 
> kernel.  Now I can't get to the web configurator.
> 
> I tried making sure the packetfence-config and packetfence services are 
> started (they are) but the server is not listening on port 1443.
> 
> The only service that is running is the httpd.admin service (all the other 
> services fail to start) and when I try to start the pf services i get an 
> error starting mysql ... since ... you know ... I haven't set it up yet.
> 
> How do I proceed? 

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sponsor guest access issue

2016-10-13 Thread Derek Wuelfrath 
Hello Daren,

Can you try to add the “sponsor” source to your portal profiles ?
You have the “Sponsors” which defines who is able to sponsor, but not the 
“sponsor” which activate the sponsor feature.

Sponsor ! (not mentionned enough ;))

Cheers!
-dw.

—
Derek Wuelfrath
de...@inverse.ca 
> On Oct 13, 2016, at 11:59, Morgan, Darren  wrote:
> 
> ~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~
> profiles.conf 
> ~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~
>  
> [default]
> description=Default Profile
> logo=/common/packetfence-white.png
> redirecturl=http://www.google.co.uk 
> always_use_redirecturl=disabled
> locale=en_US
> nbregpages=0
> filter_match_style=any
> block_interval=10m
> sms_pin_retry_limit=0
> sms_request_limit=0
> login_attempt_limit=0
> root_module=oundle_school_root_module
> billing_tiers=
> dot1x_recompute_role_from_portal=enabled
> preregistration=disabled
> autoregister=disabled
> scans=
> reuse_dot1x_credentials=0
> sources=Sponsors,local,OS_Staff,OS_Pupils,IT_Dept
> provisioners=
>  
> [RESMachines]
> locale=
> filter=connection_type:Ethernet-EAP
> description=RESMachines from AD
> sources=RESMachines,Sponsors
>  
> [NoRESMachines]
> locale=
> filter=connection_type:Ethernet-EAP
> description=Domained PC's without RES
> sources=NoRESMachines,Sponsors
>  

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] web configurator - I dun goofed

2016-10-13 Thread Antoine Amacher 
Hello Jake,

It is expected to have only the httpd.admin and packetfence-config start 
after a fresh install.

With the admin start the server should listen on 1443 tho.

To be certain could you do: netstat -nlp | grep 1443 and also make sure 
iptables is disable. If this is a centos7, systemctl stop firewalld.

If you encounter issues and you don't have any configuration set, you 
could do a yum reinstall. Which will reinstall the package and start the 
expected services to access the configurator.

Thanks


On 10/13/2016 12:55 PM, Sallee, Jake wrote:
> I need to get to the web configurator ... but I kinda messed up.
>
> I went through the normal install procedure (Install OS -> install updates -> 
> install PF)
>
> Here is where I goofed: I rebooted the server because it installed a new 
> kernel.  Now I can't get to the web configurator.
>
> I tried making sure the packetfence-config and packetfence services are 
> started (they are) but the server is not listening on port 1443.
>
> The only service that is running is the httpd.admin service (all the other 
> services fail to start) and when I try to start the pf services i get an 
> error starting mysql ... since ... you know ... I haven't set it up yet.
>
> How do I proceed?
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] web configurator - I dun goofed

2016-10-13 Thread Sallee, Jake 
I need to get to the web configurator ... but I kinda messed up.

I went through the normal install procedure (Install OS -> install updates -> 
install PF)

Here is where I goofed: I rebooted the server because it installed a new 
kernel.  Now I can't get to the web configurator.

I tried making sure the packetfence-config and packetfence services are started 
(they are) but the server is not listening on port 1443.

The only service that is running is the httpd.admin service (all the other 
services fail to start) and when I try to start the pf services i get an error 
starting mysql ... since ... you know ... I haven't set it up yet.

How do I proceed? 

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Can't join packetfence to domain for RADIUS

2016-10-13 Thread Antoine Amacher 

Hello Alex,

Can you be a bit more precise on your issue, do you have the error while 
trying to add the domain? Or just while trying to connect to PacketFence 
administration interface?


Also since your setup is not in production, I would advise you to update 
to 6.3. (fixs for the domain join have been add)


Thanks,


On 10/13/2016 01:09 AM, Alex Fishel wrote:

Hello all,

I am running PacketFence 6.2.1 in a virtual machine on ESXi, using 
VLAN isolation.  I want to be able to use RADIUS so that I may use a 
wireless access point with my PacketFence setup.  One of the first 
steps in this process seems to be to set up a domain for RADIUS.  I 
have followed the steps in the administration guide to the letter and 
have so far not been able to connect.  I get an error message "There 
was a problem connecting to the server, please try again later."


I have tried the troubleshooting steps in the administration guide and 
they do not seem to be helping either.   Are there any "gotchas" to be 
aware of when setting this up?  My guess is that I either need to set 
something else up first or I am just not entering the data correctly.


Any help is greatly appreciated.

Thank you!

--
Alex Fishel





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PacketFence not logging SNMP mac-learned

2016-10-13 Thread Beyioku, Ola 
Hello All,

A very good day to you all.

I have a basic PacketFence set-up using the latest release version 6.2.9 
running on RHEL 6.8. I have set-up in VLAN enforcement mode and have been able 
to perform the initial configuration for both PacketFence, thus defined a 
switch (Cisco 2960) with SNMP v3 auth|priv and created a user in snmptrapd.

I can see the SNMP trap messages being sent to the server, processed by 
snmptrapd and written to snmptrapd.log, also packetfence.log shows entries for 
pfsetvlan as follows:

Pfsetvlan (6) ERROR: could not convert dot1dBasePort into ifIndex in any 
VLAN.Setting tratType to unknown (pf::Switch::Cisco::parseTrap)

Since I have this switch set-up with mac-learrned traps, I was expecting 
PacketFence to show this up as newly discovered devices with the MAC and device 
information. Am I missing something?

Thanks in advance.

RagnaL
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Security Onion alerts not triggering

2016-10-13 Thread Morris, Andi 
Thanks Thierry, this fixed my issue.

Cheers,
Andi


From: Thierry Laurion [mailto:tlaur...@inverse.ca]
Sent: 07 October 2016 18:09
To: packetfence-users@lists.sourceforge.net
Cc: Morris, Andi 
Subject: Re: [PacketFence-users] Security Onion alerts not triggering

Hi,

The "detect" trigger matches numerical SIDs found in Snort and Suricata 
generated "alert" logs, which have a different format then the "digested" logs 
of SecurityOnion.

As an exemple, here is the kind of logs that Suricata and Snort generates when 
in "alert" mode:
'07/28/2015-09:09:59.431113  [**] [1:2221002:1] SURICATA HTTP request field 
missing colon [**] [Classification: Generic Protocol Command Decode] [Priority: 
3] {TCP} 10.220.10.186:44196 -> 199.167.22.51:8000'


You should use "suricata_event" triggers in your SecurityOnion related 
violations, which match text and are more generic.

Modify the violation 153 for it to match "ET P2P Vuze BT UDP Connection". 
That would  be a broader match and would also generate a violation for the 
following SIDs:
sid-msg.map:2010140 || ET P2P Vuze BT UDP Connection || 
url,doc.emergingthreats.net/2010140 || url,vuze.com
sid-msg.map:2010141 || ET P2P Vuze BT UDP Connection (2) || 
url,doc.emergingthreats.net/2010141 || url,vuze.com
sid-msg.map:2010142 || ET P2P Vuze BT UDP Connection (3) || 
url,doc.emergingthreats.net/2010142
sid-msg.map:2010143 || ET P2P Vuze BT UDP Connection (4) || 
url,doc.emergingthreats.net/2010143
sid-msg.map:2010144 || ET P2P Vuze BT UDP Connection (5) || 
url,doc.emergingthreats.net/2010144 || url,vuze.com


Regards,
Thierry Laurion
An update, I’m now getting the alerts hitting pfdetect, but they’re still not 
triggering the violation with the same ID.
pfdetect.log shows:
Oct 07 15:23:40 pfdetect(11814) INFO: alert received: 'Oct  7 14:23:40 idsman01 
securityonion_ids: 14:23:40 pid(24921)  Alert Received: 0 1 policy-violation 
idshalls01-eth0-7 {2016-10-07 14:23:39} 21 173773 {ET P2P Vuze BT UDP 
Connection} 10.6.198.173 24.122.228.33 17 10600 65344 1 2010140 6 92 92
' (main::_run_detector)


The relevant section of violation.conf is:
[153]
trigger=detect::2010140
actions=email_admin,reevaluate_access,log
max_enable=10
desc=P2P Vuze2
enabled=Y
template=p2p
grace=2h


From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 07 October 2016 14:56
To: 
packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Security Onion alerts not triggering

Hi all,
I have configured my security onion server to send alerts to my packetfence 
server (version 6.2.1), and I can see that they’re getting there through 
TCPdump.

IDS server:
13:37:02.260031 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 240
13:37:02.260216 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 243
13:37:12.271539 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 241
13:37:57.325078 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 242
13:37:57.326236 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 243
13:38:07.342397 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 243
13:38:37.377503 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 241
13:38:55.401715 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 282
13:38:55.401858 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 282
13:38:55.401895 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 282
13:38:55.401921 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 282
13:39:03.412383 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 241
13:39:07.418010 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 284
13:39:07.418098 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 284
13:39:07.418113 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 284
13:39:07.418132 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 284
13:39:07.418153 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 242
13:39:07.418172 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG user.notice, length: 242
13:39:22.434608 IP idsserver.internal.domain.35871 > 
packetfence.internal.domain.syslog: SYSLOG

[PacketFence-users] Can't join packetfence to domain for RADIUS

2016-10-13 Thread Alex Fishel 
Hello all,

I am running PacketFence 6.2.1 in a virtual machine on ESXi, using VLAN
isolation.  I want to be able to use RADIUS so that I may use a wireless
access point with my PacketFence setup.  One of the first steps in this
process seems to be to set up a domain for RADIUS.  I have followed the
steps in the administration guide to the letter and have so far not been
able to connect.  I get an error message "There was a problem connecting to
the server, please try again later."

I have tried the troubleshooting steps in the administration guide and they
do not seem to be helping either.   Are there any "gotchas" to be aware of
when setting this up?  My guess is that I either need to set something else
up first or I am just not entering the data correctly.

Any help is greatly appreciated.

Thank you!

-- 
Alex Fishel
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users