Re: [PacketFence-users] Guest Logins

2017-07-18 Thread Jason 'XenoPhage' Frisvold via PacketFence-users
Ok, so I think I've followed all the directions..  The script creates an
invite.conf file which is just an htpasswd file.  I set up an
authentication source (htpasswd) pointing at that file.  I don't have
any rules set up on it, though..  Should there be some?

Once that was done, I created the portal module, setting the
multi-source-id as the auth source I created and added a role and
duration rule as well.

I then added this as the third module in the Root default_policy ..  I'm
not sure if that's correct, though.

When I test, I get the normal default portal login screen.  I've tried
using the username of invite and the password that was generated, but
that doesn't seem to log me in...  So I'm clearly missing something..

Thanks,

On 7/13/17 20:19, Durand fabrice via PacketFence-users wrote:
> Hello Jason,
> 
> Once you have installed the script in crontab, create an authentication
> source that uses this file.
> 
> After that go in Configuration -> Advanced Access Configuration ->
> portal module and create Authentication::Password and select the
> previous authentication source you created and define the Username "invite".
> 
> Assign the Authentication::Password you created to a root module and use
> that root module on the portal.
> 
> Btw you need to have 7.1 minimum.
> 
> Regards
> 
> Fabrice
> 
> 
> 
> On 2017-07-13 at 15:55, Jason 'XenoPhage' Frisvold via PacketFence-users
> wrote:
>> Hi!
>>
>>  So I think I have most everything working on the wired side, except
>> guest logins.  The default email/sms/etc stuff works, but I'm looking to
>> use a guest password for access..  Something along the lines of having
>> the guest add their name, email, and a predefined guest password for access.
>>
>>  I ran across this post which handles rotating the passwords :
>>
>> https://sourceforge.net/p/packetfence/mailman/message/35411130/
>>
>>  But I'm not sure how to do the rest.  Do I need to write a custom
>> module for this?  Or is there something that gets me at least part of
>> the way there?
>>
>> Thanks,

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools."
- The Hitchhikers Guide to the Galaxy





Re: [PacketFence-users] DLINK DGS3100

2017-07-18 Thread Louis Munro via PacketFence-users


> On Jul 18, 2017, at 10:41, Alessandro Canella via PacketFence-users 
>  wrote:
> 
> Hi where’s location of pfqueue.log ?


Hi Alessandro,
pfqueue now logs in the main log file, packetfence.log. 

So you can always grep for it in that file:

# grep pfqueue /usr/local/pf/logs/packetfence.log


Or look for it by unit in the journal: 

# journalctl -u packetfence-pfqueue



Regards,
--
Louis Munro
lmu...@inverse.ca   ::  www.inverse.ca 
 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


[PacketFence-users] R: R: DLINK DGS3100

2017-07-18 Thread Alessandro Canella via PacketFence-users
I've tested ANY type of deauth in switch config. Note : I use SNMP v2c by 
default, should I move to SNMPv3 ?


From: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, 18 July 2017 16:41
To: packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella 
Subject: [PacketFence-users] R: DLINK DGS3100

Hi where's location of pfqueue.log ?

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, 13 July 2017 02:25
To: 
packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] DLINK DGS3100


Hello Alessandro,

Your issue happens when PacketFence tries to deauth.

Can you check in pfqueue.log for deauth issue?

Regards

Fabrice



On 2017-07-12 at 04:05, Alessandro Canella via PacketFence-users wrote:
Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in OOB 
scenario.

I've got some trouble to find correct syntax : registration VLAN is Ok, auth on 
captive works fine, but at least, redirect on correct VLAN doesn't happen.

Note that other test works fine (If I put in force auth same ports I go to 
production network and so on)


Someone got ideas?







[PacketFence-users] Net::Telnet cause Job for packetfence-httpd.admin.service failed because the control process exited with error code

2017-07-18 Thread Ortega Gustavo Martin via PacketFence-users
Hi all,

I'm using PF since version 5. Now I'm trying to migrate config to CentOS 7 
running PF 7.0.2

uname -a
Linux serverXXX 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 
x86_64 x86_64 x86_64 GNU/Linux

cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

The httpd.admin service refuses to start, it complains about a segfault in 
libnss_files-2.17.so

# /usr/local/pf/bin/pfcmd service httpd.admin start
service|command
Job for packetfence-httpd.admin.service failed because the control process 
exited with error code. See "systemctl status packetfence-httpd.admin.service" 
and "journalctl -xe" for details.
httpd.admin|not started

Here is the output of log messages:

Jul 18 14:18:50 serverXXX kernel: /usr/sbin/httpd[20408]: segfault at 
7efe40606e70 ip 7efe40606e70 sp 7fff2f8af268 error 14 in 
libnss_files-2.17.so[7efe472b5000+c000]
Jul 18 14:18:50 serverXXX abrt-hook-ccpp: Process 20408 (httpd) of user 0 
killed by SIGSEGV - dumping core
Jul 18 14:18:51 serverXXX abrt-hook-ccpp: Failed to create core_backtrace: 
dwfl_getthread_frames failed: No DWARF information found
Jul 18 14:18:51 serverXXX abrt-hook-ccpp: /var/spool/abrt is 1489797841 bytes 
(more than 1279MiB), deleting 'ccpp-2017-07-18-14:18:18-20315'
Jul 18 14:18:51 serverXXX abrt-server: Lock file '.lock' is locked by process 
20435
Jul 18 14:18:51 serverXXX systemd: packetfence-httpd.admin.service: main 
process exited, code=dumped, status=11/SEGV
Jul 18 14:18:51 serverXXX kill: kill: cannot find process ""
Jul 18 14:18:51 serverXXX systemd: packetfence-httpd.admin.service: control 
process exited, code=exited status=1
Jul 18 14:18:51 serverXXX systemd: Failed to start PacketFence Administration  
Apache HTTP Server.
Jul 18 14:18:51 serverXXX systemd: Unit packetfence-httpd.admin.service entered 
failed state.
Jul 18 14:18:51 serverXXX systemd: packetfence-httpd.admin.service failed.

After some debug, I realize that the problem is related to 
perl-Net-Telnet-3.03-19.el7.noarch.
I can't understand why, because I create a script in the same server, using 
module Net::Telnet to connect to a switch and works great!

Has anyone experienced something similar?

Thank you in advance

Gustavo.
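
An added example, not part of the original post: a small Python decoder for the kernel segfault line quoted in the message above. The function name and output keys are illustrative choices; the error-code bit meanings are the standard x86 page-fault bits, and the kernel prints the error code in hexadecimal.

```python
import re

# Kernel message shape (x86): "<comm>[<pid>]: segfault at ADDR ip IP sp SP
# error CODE in FILE[BASE+SIZE]". Every number after "segfault", including
# the error code, is hexadecimal.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<file>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# x86 page-fault error code bits: (mask, meaning when set, meaning when clear)
ERROR_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write", "not a write"),
    (0x04, "user mode", "kernel mode"),
    (0x08, "reserved page-table bit set", None),
    (0x10, "instruction fetch", None),
]

def decode_segfault(line):
    """Return a dict describing one kernel segfault line, or None."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m.group(k), 16) for k in ("addr", "ip", "err"))
    flags = [on if err & mask else off for mask, on, off in ERROR_BITS]
    info = {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "flags": [f for f in flags if f],
        # ip == fault address: the CPU faulted fetching the next instruction
        "fault_addr_is_ip": addr == ip,
        "mapping": m.group("file"),
        "ip_in_mapping": None,
    }
    if m.group("file"):
        base, size = int(m.group("base"), 16), int(m.group("size"), 16)
        # Only blame the named file if ip really lies inside [base, base+size)
        info["ip_in_mapping"] = base <= ip < base + size
    return info

# The first log line from the message above, with the e-mail line wrapping undone
LINE = ("Jul 18 14:18:50 serverXXX kernel: /usr/sbin/httpd[20408]: segfault at "
        "7efe40606e70 ip 7efe40606e70 sp 7fff2f8af268 error 14 in "
        "libnss_files-2.17.so[7efe472b5000+c000]")

if __name__ == "__main__":
    for key, value in decode_segfault(LINE).items():
        print(f"{key}: {value}")
```

For this line the decoder reports a user-mode instruction fetch from a page that is not present, with the instruction pointer outside the bracketed libnss_files range.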




[PacketFence-users] R: DLINK DGS3100

2017-07-18 Thread Alessandro Canella via PacketFence-users
Hi where's location of pfqueue.log ?

From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, 13 July 2017 02:25
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] DLINK DGS3100


Hello Alessandro,

Your issue happens when PacketFence tries to deauth.

Can you check in pfqueue.log for deauth issue?

Regards

Fabrice



On 2017-07-12 at 04:05, Alessandro Canella via PacketFence-users wrote:
Hello All,

I'm developing a solution with PF ZEN and a Dlink DGS3100 infrastructure in OOB 
scenario.

I've got some trouble to find correct syntax : registration VLAN is Ok, auth on 
captive works fine, but at least, redirect on correct VLAN doesn't happen.

Note that other test works fine (If I put in force auth same ports I go to 
production network and so on)


Someone got ideas?






[PacketFence-users] Fortigate SSO ignores networks and roles settings

2017-07-18 Thread Giovanni Vedovi via PacketFence-users
Hi,
I configured firewall (Fortigate) SSO to be executed only with a role and a
specific network, but pf sends radius requests for every node connected, also
in any networks or roles.
I tried to troubleshoot this by enabling level DEBUG
in conf/caddy-services/pfsso.conf but in syslog I don't see any log of
lvl=debug.
I'm sure about the radius start/stop packets because I've got a tcpdump
active. By looking at the code I saw debug messages on matching or not
networks/roles but I can't see them in the logs.
We are using version 7.1 on CentOS 7.
The SSO works well for the correct role on the specific network; our issue is
for sessions started on the firewall for wrong roles/networks.

How can we troubleshoot this?

Kind regards,

-- 

Giovanni Vedovi
gved...@backloop.biz


Re: [PacketFence-users] No suricata.yaml file present in PF 7.x

2017-07-18 Thread Fabrice Durand via PacketFence-users
Hello Kehinde,

In my opinion the better setup is to use Security Onion and send
the syslog to PacketFence.

Regards

Fabrice



On 2017-07-18 at 06:44, Akala Kehinde via PacketFence-users wrote:
> Hello guys,
>
> The suricata.yaml file is missing in PF7.x. I'm trying to do a
> Suricata setup with PF. I have installed Suricata on PF on a different
> location on PF. 
>
> Now what IP addresses be specified in the $HOME-NET and $EXTERNAL
> variables. And also what interface will PF listen on for alerts, the
> PF management interface?
>
> The Suricata and Snort integration seem a bit different than earlier
> versions as trapping has been removed.
>
> Pls could you point me in the right direction.
>  
> Regards,
> Kehinde

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



[PacketFence-users] No suricata.yaml file present in PF 7.x

2017-07-18 Thread Akala Kehinde via PacketFence-users
Hello guys,

The suricata.yaml file is missing in PF7.x. I'm trying to do a Suricata
setup with PF. I have installed Suricata on PF on a different location on
PF.

Now what IP addresses be specified in the $HOME-NET and $EXTERNAL
variables. And also what interface will PF listen on for alerts, the PF
management interface?

The Suricata and Snort integration seem a bit different than earlier
versions as trapping has been removed.

Pls could you point me in the right direction.

Regards,
Kehinde