Hi Yan,
once you have the file, go in the admin gui,?0?2 Configuration ->
Compliance -> General settings, verify that the mysql credentials and
database name is correct then "Action -> Initialize MySQL database"
If the access to the db is ok then you should be able to see a process
"python"
Hi Durand,
After running "yum reinstall fingerbank --enablerepo=packetfence", I can find
fingerbank_Upstream.db located in /usr/local/fingerbank/db now. But I'm not so
familiar with DB operation. How to integrate it into mysql ? Is it something
like "mysql -u username -p fingerbank <
Hi Fabrice,
It seems that we have resolved my problem but I see some strange log.
As you can see "Returned VLAN: (undefined)" and after "Added VLAN 20 to the
returned RADIUS Access-Accept":
Oct 18 16:34:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(9564) INFO:
[mac:50:3f:56:01:1c:09]
Hello Cristian,
It is but because the supplicant send DOMAIN\Username and the portal use
the sAMAccountName.
The solution could be to use another attribute that contain the
DOMAIN\Username but i am not sure it exist on the active directory and i
am not sure that user will be happy to fill
Hi Fabrice,
this is a screenshot of a captured access accept:
[cid:image001.png@01D34834.6741EF70]
Kind regards
Luca Messori
_
[Descrizione: mead]
Mead Informatica Srl
SEDE - Via G. Ferraris, 2 - 42122 Reggio Emilia
Tel. +39 0522 265800 Tel.
Hi Yan,
there is a database who is coming with the fingerbank package, so you
can probably found it in /usr/local/fingerbank/db. (yum reinstall
fingerbank if needed)
If you have it (fingerbank_Upstream.db) then you can integrate it into
mysql then the futur update will be just some interim
Hi, sorry to dig this up... Could someone please explain if this
behaviour is expected or not?
Thank you
Il 02/08/2017 17:59, Cristian Mammoli via PacketFence-users ha scritto:
Of course I checked "Use stripped username" and added "strip to the
realm option.
Il 02/08/2017 15:26, Cristian
Hi Fabrice,
I'm sorry but now I cannot see vlan VSA attributes in access accept packets
from Radius server.
Kind regards
Luca Messori
_
[Descrizione: mead]
Mead Informatica Srl
SEDE - Via G. Ferraris, 2 - 42122 Reggio Emilia
Tel. +39 0522 265800
What are the attributes returned by PacketFence ?
Le 2017-10-18 à 10:02, Luca Messori a écrit :
>
> Hi Fabrice,
>
> I’m sorry but now I cannot see vlan VSA attributes in access accept
> packets from Radius server.
>
>
>
> Kind regards
>
>
>
> */Luca Messori/*
>
> _
>
Hi Durand,
I don't have any proxy configured in my server. The cert expire error not shows
up every time. I just tried to execute wget 3 times, no certificate expire
error any more, but 1 connection refused and 2 connection closed during
downloading. Is Fingerbank has a timeout setting for
Hello!
Looking through the PacketFence repository on GitHub, I stumbled upon a
feature that would be very useful to me -- and I'm sure to others as well!
The feature is a 'node history table' for PacketFence --
https://github.com/inverse-inc/packetfence/issues/2654. It is currently
listed under
Hello Yan,
do you have a proxy between PacketFence and internet ?
When i see your wget command, i can see that :?0?2 "Issued certificate has
expired" and the fingerbank.inverse.ca certificate is not yet expired so
there is probably something that block/filter the request.
Regards
Fabrice
Le
Hi Fabrice,
You are right.
This morning I done some new test using good credential and wrong credential
(same username but wrong password) and I have the correct reply from Radius
server.
So, I haven't an authentication problem but an authorization problem to
investigate.
Radius server is
Hi Durand,
After "Initialize MYSQL database" the error missing, but now packetfence.log
keeps filling with "pfqueue: pfqueue(10132) WARN: [mac:xx:bd:27:xx:xx:xx]
Unable to perform a Fingerbank lookup for device with MAC address
'xx:bd:27:xx:xx:xx' (pf::fingerbank::__ANON__)". And
Hello Lucas,
my assumption is that you want to autoregister device if the 802.1x
authentication was successful.
What you can do is to create a Connection Profile (WireSecure) , add a
filter (Connection Type: Ethernet-EAP), enable "Automatically register
devices" and in Sources add you AD source.
15 matches
Mail list logo